GDPR Gap Analysis

Obtain a clear view of the steps your organisation must take to comply with GDPR and reduce data privacy risk.

A detailed review of personal data processing in your organisation, resulting in a tailored and pragmatic roadmap of actions to ensure GDPR compliance.

Obtaining and maintaining a view of your level of compliance with GDPR is imperative if you are to minimise the risk of receiving a regulatory fine.

Given that organisations frequently change the types of personal data they capture and the ways that they process it, your GDPR compliance status can easily regress over time.

CyPro’s GDPR Gap Analysis is performed by an experienced Certified Information Privacy Professional – Europe (CIPP/E).

We will review your current GDPR policies and procedures and conduct a series of deep-dive workshops with key stakeholders. The output of our review will provide you with a list of gaps, their associated risk ratings, and the actions required to become compliant.

Obtain Buy-in

Meet with key stakeholders to raise awareness and support for the GDPR Gap Analysis and any subsequent remediation work.

Agree Scope

Identify the scope of the review based on your business structure, types of personal data being processed and your specific areas of concern.

Review Documentation

Review of key artefacts including your Record of Processing Activities, Privacy Notices and Data Subject Request processes.

Hold Workshops

Host meetings with data and process owners to confirm the actual data processing activities occurring within your business.

Present Findings

Present for validation a list of risk-rated non-compliances with GDPR, with associated recommendations for risk remediation.

Develop Roadmap

Create a tailored plan for achieving GDPR compliance, including work packages, required resources and estimated effort.

Benefits of CyPro’s GDPR Gap Analysis

Our approach to advising on GDPR is always pragmatic and tailored to the requirements most critical to your business.

Our GDPR Gap Analysis reports are written in a manner that can be understood by all stakeholders.

Expert Views

Our consultants are Certified Information Privacy Professionals, with vast experience advising on GDPR compliance.

Our roadmaps of recommendations are always practical and focus on the fastest means for reducing risk and achieving compliance.

What Our Clients Say

Head of Cyber Security Monitoring

Deutsche Bank

“CyPro combines security expertise with very strong personal and programme management skills which makes them the perfect partner for executives.”


Project Delivery Manager

Audley Travel

“CyPro’s ability to translate cyber security issues into business language, with both practical and strategic solutions, is what sets it apart from other cyber security providers.”

UBS Logo

Product Manager


“CyPro’s impact was immediate and significant. The project was quickly turned around, focused, engaged and delivery was on-track.”

Sounds interesting?

Schedule a free chat with Rob, one of our experienced data privacy consultants.

Ask them anything about GDPR and discuss whether a GDPR Gap Analysis could be of value to your business.



Rob McBride

16 years of experience providing cyber security & data privacy advice to a wide range of businesses.



    Frequently Asked Questions

    What is GDPR?

    GDPR stands for the General Data Protection Regulation – it is an EU law enacted on May 25th 2018 governing the capture, processing and storage of Personally Identifiable Information (PII).

    Does GDPR apply in the UK following Brexit?

    Yes – EU GDPR has been adopted into UK law as UK GDPR.  In principle, the law is identical to EU GDPR.  Whether EU GDPR or UK GDPR applies depends upon whether the data belongs to a UK or EU resident.

    What are the potential fines for being in breach of GDPR?

    Under UK GDPR the maximum potential fine is £17.5 million or 4% of global turnover, whilst under EU GDPR the maximum fine stands at €20 million or 4% of worldwide turnover.
