Step 3: Gap analysis

Key considerations

Risk review

Once you have conducted your data mapping exercise and audit, you will need to understand any key areas of risk for your business, the various degrees of risk and how you are going to tackle them.


Depending on the nature of your business and extent of your risk exposure, you should consider whether you have the resources and skills internally to implement the necessary changes or whether you need to look to external support.


How Cripps Pemberton Greenish can help

We will look at your data map and any documentation you have provided to ensure we understand how your business uses data.

We will then produce a report on the flow of personal data within your business and advise on any key areas of risk.

We will produce a prioritised report for you detailing what remedial actions (if any) you need to take.

We will work with you to develop an implementation strategy which works for your business, outlining the steps which can be taken toward compliance, both for individual processes, and your processing activities as a whole.


Click here for Step 4: Implementation