GDPR Gap Analysis Packages

To understand what you need to do, you first have to understand where you are. That’s exactly what our GDPR gap analysis helps you with.

Our GDPR Gap Analysis packages are an ideal way to find the current state of your GDPR compliance, analyse your business policies, processes and technology, and identify areas in need of improvement.

It will:

  • Raise client awareness about GDPR and individuals' rights (senior management briefing)
  • Review the core business processes and operations
  • Review any other legal/regulatory/compliance requirements (e.g. FCA, ISO)
  • Run a data discovery process for all affected assets, including any ingress and egress paths with clients and third parties
  • High-level review of existing security and privacy controls
  • Review any existing policies and procedures that have a direct or indirect impact on data privacy
  • Review previous audits and security assessments for the affected assets


  • Provide a business system mapping of core processes and operations with various data flows
  • Provide a list of assets and processes that must be compliant with GDPR requirements
  • Provide any privacy and privacy-related risks
  • Provide solutions based on best practices
  • Identify areas that require remediation and provide recommendations with a roadmap for meeting GDPR compliance
  • Provide a list of documentation/templates to address compliance with GDPR (e.g. a privacy notice for how the data should be collected, accessed, processed, handled and retained)

What we need from you

You will need to appoint a dedicated internal project coordinator who can be the primary point of contact for Twin Systems. Similarly, we will nominate one of our certified EU GDPR Practitioners to act as your central point of contact, streamlining the project throughout all stages of engagement.

Given the wide-reaching impact of GDPR, we will need input from all business units to achieve the project objectives. This means involvement from Senior Management, HR/Personnel, Compliance, IT, Sales, Marketing, Procurement, Logistics (and all other relevant departments) at various stages of the process. It is the client’s responsibility to ensure these resources are available for Twin’s GDPR consultants in line with an agreed schedule.


Our Small Business GDPR Initial Gap Analysis package is designed for single-site UK businesses with 20 or fewer employees. A typical engagement will take approximately three days, most of which will be spent on-site, working with key stakeholders inside your organisation.


Our Medium Business GDPR Initial Gap Analysis package is for organisations with 21-200 staff members at up to two UK locations. A typical engagement takes approximately five days, the majority of which is spent on-site, working with your internal teams.


For large enterprises with over 200 employees or organisations that work across multiple sites, we offer our Enterprise GDPR Initial Gap Analysis package. It’s tailored specifically to meet the challenges faced by your business, so get in touch with us for a competitive quote.
