Data Protection Assessment

Is your organization ready for EU GDPR?

EU General Data Protection Regulation (GDPR) became law on May 25th 2018.

Compliance is mandatory for organizations operating within the EU.

Our early findings indicate the following:

  • Staff are unprepared for GDPR
  • The majority of breaches will come from internal sources, not external
  • To be effective, GDPR strategy has to come from the business and IT, not just IT, and from the C-Level
  • Organizations need to focus on building data handling policies after tackling low-hanging fruit

Organizations need to ensure that they have the capabilities, resources, skills and comprehensive understanding of consumer data protection governance to mitigate against threats to data security and a potential data breach.

Our EU GDPR Readiness Assessment has been specifically created to quickly help organizations understand their current data risks and exposures in time for EU GDPR legislation.

Is your organization GDPR Ready?


Do you have to rely on consent? Are you aware of the new consent requirements?

User Awareness

Do you have the required education program in place?

Privacy Policies

Do your privacy policies contain the required information?

Data Protection Officer

Do you need to appoint a Data Protection Officer? Are you aware of their new duties?

What will you get after completing our GDPR Assessment?


An in-depth analysis of organisational and individual capability in relation to Data protection


Identify capability gaps and define capability improvement paths


As far as possible, ensure that your organisation is GDPR compliant

How will your organization benefit?

Our Assessment will help your organization:

1. Show how you might be open to data breach & help to mitigate that risk
2. Highlight areas where you need to do more to get compliant
3. Respond to data protection incidents in an agile and effective way
4. Increase alignment between your IT compliance needs & your organization’s goals
5. Identify customer data security processes now vs. how it needs to be handled
6. Define a plan to continue to measure and increase your organization’s maturity

How is our GDPR Assessment different to others offered in the market?

Because we focus on Compliance as well as Capability.

Focusing on Compliance will result in:

Identification of Predictable risks


Well-documented Business Processes


Reduce propensity of risks


Satisfy today’s legislative requirements

Focusing on Capability will result in:

Having a high level of adherence to processes


Measuring adherence to processes


Anticipating and responding well to future events


Highly Auditable


Constant Improvement of processes


Identifying & preparing for new threats as they emerge


Being more effective in damage limitation and correction when risks are realised

How does it work?

Online assessment built on strong academic and commercial foundation

Designed to quickly discover an organization's ability to protect personal data

Cuts across both business and IT

Examines the people, the processes and the management of data protection

“IT-CMF provides us with a structured and systematic approach to identify the capabilities we need, a way to assess our strengths and weaknesses, and clear pathways to improve our performance.”

Mattias Craig, Head of Performance & Value Management, BNY Mellon

Download our free guide to find out more about how our EU GDPR Assessment can help your organization