Data Protection Gap Analysis

A data protection audit with our legal experts reveals gaps in the implementation of the provisions of the UK GDPR in your company – and provides you with an action plan to improve your compliance.


What is the status of data protection compliance in your company?

Data protection management is necessary to integrate data protection into all processes in your company. This enables you to control, check and optimise your processes and projects and keep track of your data processing and data flows.

However, such data protection management should also be reviewed at regular intervals in order to identify any gaps or to further optimise existing processes.

A suitably qualified external auditor is recommended to ensure an objective view, knowledge of the regulatory landscape and applicable legal requirements, and an experienced hand in developing new, improved approaches.

The data protection gap analysis

Together with you, we determine the audit content and scope. We audit your implementation of the general regulations and processes regulating data protection and information security in your company. Additionally, we discuss all data protection requirements with your departments that have contact with personal data, such as HR, marketing, customer service or procurement.

After our discussions with the responsible parties, we prepare an audit report alongside a detailed list of measures with meaningful, concrete, and prioritised recommendations for action for you. In this way any gaps discovered can be closed quickly and effectively.

The results are then discussed with your management and we help prioritise the next steps to achieve a compliant data protection management system or to optimise an existing one.

Our experts are highly qualified and build data protection management systems (DPMS) with numerous clients in a wide range of industries on a daily basis. We constantly monitor, review and optimise these DPMS based on the ever-changing data protection regulatory requirements. Our lawyers bring the appropriate expertise to the table when auditing your company in terms of data protection law.


4 good reasons to book your UK GDPR Audit with

Specialist lawyers

The gap analysis will be conducted by our lawyers and information security specialists, all of whom have in-depth experience of data protection and information security regulations and hold data protection and information security certifications.

Broad experience

We have broad experience of working with EU and UK regulators and responding effectively to more complex interactions with data subjects and authorities. Our experts have been successfully advising clients in the UK and EU on their data protection obligations for several years now and know the ICO’s and European authorities’ tendencies.

Additional support

We advise on all questions relating to UK data protection law and regulatory compliance and can help you regarding any further data protection queries you may have.

True enablement

Our experts advise companies of many different sizes, in many industries, and with special business models. We offer broad variety and an understanding of your economic needs and goals – and see ourselves as enablers for your compliant value chains.

Free enquiry

Please provide us with some information about your company. We will contact you within two working days to discuss the details of a workshop with your company and provide you with a quote.

The quote will naturally contain a non-disclosure agreement so you may be sure that our experts, while already subject to professional privilege, will maintain the utmost confidentiality.

Frequently asked questions about the EU representative required under the GDPR

Art. 27 GDPR (General Data Protection Regulation) requires companies that do not have offices, branches, or other establishments in the EU (non-EU businesses), but conduct business with European clients, to appoint an EU representative. Specifically, you must appoint an EU representative if your organisation processes personal data in the following contexts:

  • offering goods or services to individuals in the EU, or
  • monitoring the behaviour of individuals in the EU.

This obligation applies to both data controllers and data processors.

An EU representative serves as a contact point between your company and individuals or data protection authorities in the EU. An EU representative therefore acts on your company’s behalf with regard to your obligations under the GDPR. Furthermore, the representative maintains your records of processing activities and makes these records available to supervisory authorities upon request.

EU representatives can be external service providers, and the role can be performed by individuals or organisations, such as law firms, consultancies, or other private companies. They must be based in one of the countries where customers or data subjects that are being monitored are located or where your goods or services are being offered.

The GDPR does not specify the minimum qualifications an EU representative should hold. However, it is advisable to appoint a representative that has a broad understanding of the relevant legal and technical data protection issues in order to be able to communicate with the authorities efficiently. Furthermore, as an EU representative serves as the contact point between your company and data subjects or authorities, it is essential that the representative speaks the local language fluently.

How much you can expect to pay for an EU representative under the GDPR depends on several factors, for example, the size of your company, the number of employees, what data you process and how many locations in how many countries you have. These all influence the number of queries and the amount of attention from supervisory authorities your company may expect to receive. Furthermore, the costs for an EU representative are influenced by how much support you may need in creating and maintaining the necessary data protection documents (especially the records of processing activities – ROPA).