GDPR Gap Analysis Service

Preparing for the GDPR? Your action plan in one week



On 25th May 2018, the European Union (EU) General Data Protection Regulation (GDPR) will come into force. Regardless of Brexit, UK businesses will, by law, need to be ready by this date. This means businesses should have assessed their obligations and updated their policies, processes and systems to comply with the regulation. In the event of a data breach, the penalties that the Information Commissioner’s Office (ICO) can impose for poor practice can be severe, but this will be negligible compared to the potential financial loss of acquiring a bad reputation among customers.

Whilst many companies and consultancies are focusing on compliance, business challenges often come with a silver lining. At Ascentor, we always seek to identify the extra benefits. With the impetus of the GDPR, now is the time to take the opportunity to review and optimise existing data processing practices including security controls, retention strategies and third-party agreements.


If you are already compliant with the UK Data Protection Act 1998, you will already have in place many measures to meet the obligations of the GDPR. However, the GDPR resets the bar as to what is expected, which is to ensure that businesses become totally accountable for the way they process and protect the personal data of their “data subjects” (prospects, customers, citizens, members). In addition to existing measures, you must now consider:

  • Transparency: the GDPR requires that data subjects know and understand exactly what their data are being used for, the lawful process for processing and how long the data will be stored. You must make your intentions known in a clear message that has full visibility at the point of data collection.
  • Rights: data subjects have more rights such as the right to erasure, also known as the right to be forgotten. You must have processes in place to handle requests and be able to respond in a timely manner. Whilst software tools can help, it will be an organisation’s in-house processes that will make the difference between coping and failing.
  • Security: you will need to have the appropriate security measures in place to protect the confidentiality, integrity and availability of personal data. In the event of a data breach, all  evidence of governance measures will be investigated so it is vital that security controls are regularly assessed, tested and improved where appropriate.
  • Resources: the GDPR requires many organisations to appoint a Data Protection Officer (DPO). The correct implementation of the DPO’s function is vital to a business being able to meet the expectations of the GDPR, so you need to understand the scope and profile of the role.


Ascentor can steer you through the GDPR maze. We start with our tried and tested Gap Analysis, a four-step process that will arm you with the knowledge to make business decisions regarding improvements and related resources. The exercise is fast and efficient – typically completed within one week – yet suitably tailored to your specific requirements.

Ascentor GDPR Gap Analysis

Ascentor GDPR Gap Analysis model




A service that will quickly establish your status and include a recommended action plan.

How does it work?

At a high level, the four steps cover:

  • A Scoping Meeting (virtual or in person): to provide a clear introduction to the gap analysis process, set objectives, scope, expectations, activities, timings and deliverables with project stakeholders.
  • Data Capture: a comprehensive review of documentation, processes and systems to identify categories of personal data, collection and processing activities, governance controls and security.
  • Data Analysis: an assessment of how well the captured data complies with the GDPR in terms of business culture and managerial commitment towards privacy, maturity of privacy and policy documentation, robustness of technical and procedural measures, and degree of diligence as it is applied to data transfer to third parties.
  • Report and Road Map: written (and optionally verbal) confirmation of findings, conclusions on compliance levels, and recommendations for remediation.

Feel confident in your approach to the GDPR

On completion of an Ascentor Gap Analysis, you will understand where you are today and what needs to be done, not just to meet a deadline in May 2018, but because it is the right thing to do.

Next Steps

To take your first steps towards being ‘GDPR Ready’ or to validate where you have got to so far, get in touch now. Contact Dave James, MD at Ascentor, for a no obligation, confidential discussion:

Telephone: 01452 881712 or 07787 506889

Email: [email protected]

Email Ascentor Image Map