DPA Compliance Gap Analysis

Need some help?

Speak to the Risk Factory Foreman, and he'll tell you everything you need to know.

Call us on 0800 978 8139


What is it?

A DPA Compliance Gap Analysis is the starting block for your data protection compliance efforts. It provides a detailed comparison of what your business is currently doing against what it should be doing to achieve compliance with the United Kingdom Data Protection Act (DPA) legislation. The analysis compares the processes and controls you currently have in place to protect Personal Identifiable Information (PII) and Sensitive Personal Identifiable Information (SPII) with those recommended for compliance with the legislation.

Why should I do it?

It’s the first and most critical step, because conducting a gap analysis results in a list of specific, prioritised actions your business needs to implement in order to become compliant with the DPA. This takes the guesswork out of things and helps your business focus on making real (cost-effective) compliance progress. The output is also fundamental for identifying compliance project management challenges, creating timelines and budgets, and identifying the resources required for compliance activities. The output creates your “road-map” to compliance.

How often should I do it?

You only need to do a gap analysis once to obtain a list of the specific activities required for compliance. Once compliant, you would then verify compliance every year.

What will Risk Factory do?

  • Conduct an on-site analysis of your current operations and controls against those recommended for compliance with the U.K. DPA Principles.
  • Interview your business's key compliance stakeholders and confirm the evidence produced by your operations and controls against that required by the DPA.
  • Conduct a technical security vulnerability assessment of your existing exterior-facing network security controls.
  • Analyse the findings and produce a detailed report identifying the existing gap between your operations and controls and those required for DPA compliance.
  • Produce a prioritised list of activities for your business to undertake to obtain compliance.

What will I receive?

  • A comprehensive gap analysis against the eight principles of the U.K. DPA and a detailed report of findings indicating your existing compliance status. To see a sample, contact the Risk Factory Foreman.
  • A draft project management plan detailing the specific actions required for compliance in order of significance, with data fields allotted to budget, resource and completion dates to help you manage your compliance program efforts.
  • Two weeks of on-call (telephonic) support from an information security compliance consultant to answer any questions you may have regarding your road-map to compliance.
  • A certificate of validation for evidence of compliance.

Do I need to do anything in advance?

After placing the order with us, you will need to speak with our Factory Foreman to schedule the on-site work and identify the business's key compliance stakeholders (managing director or operations director, finance director, human resource manager, IT director and information security or compliance manager) to be interviewed in the analysis. Our Factory Foreman is standing by to help you.