GDPR Gap Analysis

The advent of the EU's General Data Protection Regulation (May 2018) will have significant consequences for businesses that control or process personally identifiable information for European residents, regardless of the jurisdiction of their operations and assets. Failure to comply with GDPR could have significant financial consequences (up to 4% of revenue) and carry significant reputational risks as well. Preparing for the GDPR requires a clear and comprehensive analysis of your organization's current data inventory, process and jurisdictional mapping of data flows, and a comparison to GDPR requirements. Most importantly, any remediation recommendation needs to be efficient and cost-effective under real-world circumstances.

Privalis Group has developed a GDPR gap analysis methodology that is thorough, comprehensive and supports remediation efforts towards May 18, 2018. Leveraging our advanced survey design and methodologies, we develop a clear picture of what your organization understands and knows about its internal processes and the data those processes are generating.

Secondly, Privalis Group utilizes cutting-edge data scanning technologies to identify the personally identifiable data you're carrying across your organization. Find the data you didn't know you have. Locate that data and inventory it directly to your work processes. Log and audit each legal basis for collection and storage. Using this approach within our gap analysis, Privalis Group assists our clients in:

  • Empirically identifying data risk by auditing PII, correlating to single data subject identities and their country of residence;
  • Mapping jurisdictional and process flow risks;
  • Tailored scoring and longitudinal risk analysis from compliance and security standpoints;
  • Overcoming the more technical challenges in managing data subject requests;
  • Overcoming limitations of surveys caused by staff attrition and lack of peripheral vision; and
  • Easily working across big data sets.

Measuring the gap between policy and law is easy. The gap between policy and praxis is where your real risk lies.


Data Discovery and Inventorying

Discovering PII where it is residing across structured and unstructured data sources (even the data you didn't know you were carrying) and correlating PII to single identities.


Data Mapping

Privalis Data maps identify data flows by work process and by jurisdiction as that data travels between data subjects, servers and applications.


Measures gaps between policy and praxis.




Dynamic Risk Assessments & Breach Correlation