It's hard to believe I'm still talking to companies who are only now getting started on GDPR compliance. In fact, Cisco's 2019 Data Privacy Benchmark Study found that only 59% of the 3,206 organizations they surveyed felt they were largely compliant. Nine percent had not even started their compliance work.
There are other companies who are thinking of entering the EU market and are starting down the path of understanding what is required from a GDPR perspective.
If I were starting my GDPR compliance journey, the first thing I would do is a gap assessment. There are many outstanding gap assessment tools available, including:
- Data Protection Self Assessment: https://ico.org.uk/for-organisations/data-protection-self-assessment/
- ISACA-CMMI GDPR Assessment (requires ISACA membership): http://www.isaca.org/knowledge-center/research/researchdeliverables/pages/isaca-cmmi-gdpr-assessment.aspx
- Nymity GDPR Readiness Assessment Questions: https://info.nymity.com/gdpr-compliance-toolkit
One thing I dislike about these tools is they think of an organization as a single entity: What gaps does the ORGANIZATION have? That's great for providing status to the board or senior management, but not great if you are trying to work with individual departments on compliance.
To that end, I've updated a spreadsheet I used for performing a gap assessment in my own organization.
The spreadsheet has tabs for different parts of the organization like HR, Sales & Marketing, Product Development and others. Each tab has a set of GDPR compliance questions for different processes in the organization. For example, there's a set of questions around data collected for recruiting and for managing employees.
Now I have a tab in a spreadsheet that I can use when I talk with Human Resources, and another tab when talking to Product Development.
The assessment tabs roll up into an Executive Summary tab, which gives an overview of the total compliance effort.
The spreadsheet can be easily adapted to other organizations. Feel free to edit, change, steal, share, or use this GDPR Gap Assessment spreadsheet for inspiration.
Thanks Laura!
Fabulous resource Mike, thank you so much for sharing.
Thanks Audrey! Hope it makes your job easier!
Thank you Mike. The template will be extremely helpful. Do you also have a template on the GAP Analysis report?
This is a great template, thank you! Do you have anything similar for CCPA, CDPA, or PIPEDA?
Hi Chelsea! I've been wanting to create similar templates but haven't had time. I'll let you know if I do!
Mike
Many thanks. Awesome tool!