Data Protection Services

Data Protection GAP Analysis

Our Data Protection Gap Analysis packages are an ideal way to find the current state of your Data Protection compliance mapped against GDPR, ISO 277001 or your local Data Protection Legislation. It analyses your business policies, processes, and technology, and identify areas in need of improvement. It’s suitable for business at all stages of the Data Protection journey, delivered via on-site and off-site activities. It’s the first step on the road to Data Protection compliance and forms the basis of our Data Protection implementation service. 

Our Data Protection GAP Analysis would

  • Raise client awareness about Data Protection and individuals’ rights (senior management briefing)
  • Review the core business processes and operations
  • Review any other legal/regulatory/compliance requirements
  • Data discovery process for all affected assets, including any ingress and egress paths with clients and third-parties
  • High-level review of existing security and privacy controls
  • Review any existing policies and procedures that have a direct or indirect impact on data privacy
  • Review previous audits and security assessments for the affected assets 


At the end of the project, we will provide a report that will:


  • A full breakdown on Data Protection status within your organisation, structured by the individual GDPR Principles
  • Review of Privacy Policy and Data Protection related policies and procedures
  • Recommendations and reviews based on best practices
  • Recommendations for achieving Data Protection compliance

“Putting Data protection at the center of digital transformation strategies is the key to improving trust and digital growth"

Deputy Commissioner of the ICO UK

Privacy Maturity Assessment Framework

Our Privacy Maturity Assessment Framework based on AICPA/CICA General Privacy Principles and adapted from the model utilised by the Privacy Commissioner of New Zealand has been developed to help organisations meet the core expectations in data protection management and governance.

The Framework enables organisations to understand their current level of capability maturity in managing data protection and identify where they can improve to meet the core expectations.

The Framework is made up of 9 elements, each of which contributes to an agency’s overall data protection  environment.

Assessing Maturity Levels

Using the Framework, maturity is assessed through a continuum of the following 5 possible maturity levels.  

  1. Ad hoc — Unstructured approach where Data Protection policies, processes and practices are not sufficiently defined or documented. 
  2. Developing — Data Protection management is viewed as a compliance exercise and the overall approach is largely reactive with some documented guidelines. 
  3. Defined — Privacy policies, processes and practices are defined and comprehensive to meet the operating needs of the agency and are consistently implemented throughout. 
  4. Embedded — Data Protection management is embedded into the design and functionality of business processes and systems and is consistent across the agency. 
  5. Optimised — Data Protection management is viewed as a strategic initiative with a clear agency culture of continual improvement. 


You will need to appoint a dedicated internal coordinator who can be the primary point of contact for the Equigov Institute.  Given the wide-reaching impact of Data Protection, we will need input from all business units to achieve the project objectives. 

This means involvement from senior management, HR/personnel, compliance, IT, sales, marketing, procurement, logistics, (and all other relevant departments), at various stages of the process. 


The Silver Data Protection Gap Analysis package is designed for single-site businesses, with
20 or fewer employees. 


Our Medium Business Data Protection Gap Analysis package is for organisations with 21-200 staff members at up to two locations. 


For large enterprises with over 200 employees or organisations who work across multiple locations locally regionally or internationally, we offer our Enterprise Data Protection Gap Analysis package.