Completing your gap analysis
How compliant is your organisation? Are there any gaps in compliance? What are the risks inherent in those gaps and which of them need to be addressed urgently? To answer these questions, you need to undertake a compliance and risk assessment.
Do you require prior consent from individuals? How do you obtain and manage this consent? How are you protecting the personal data of your employees? Who has access to an individual’s personal data? What cybersecurity controls do you have in place?
You need to review and document the technical and organisational measures you have in place to protect personal data. You also need to review and document your consent and digital marketing practices, as well as your human resource practices. The software’s compliance and risk checklists give you a framework for evaluating what you’ve done, documenting it and assessing any related risks.
What processing operations are high risk?
Some examples are: using personal data of children and other vulnerable individuals; tracking an individual’s behaviour; processing genetic or biometric data; and even processing high volumes of data. Processing that is likely to result in high risk requires you to undertake a Data Protection Impact Assessment (DPIA). This is covered in Data protection by design with DPIAs.