PCI DSS compliance help and advice from the experts
DPACompliance Gap Analysis is the starting block for your data protection compliance efforts. It provides a detailed comparison of what your business is currently doing against what it should be doing to achieve compliance to the Data Protection Act (DPA). The analysis reviews the current processes and controls you have in place to protect Personal Data and Sensitive Personal Data and those recommended for compliance to the regulation.
DPACompliance Gap Analysis only needs to be performed once to obtain a list of the specific activities required for compliance. Once compliant, you would then verify compliance every year.
It is the first and most critical step, because conducting a gap analysis results in a list of specific, prioritised actions your business needs to implement in order to become compliant with the DPA. This takes the guesswork out of things and helps your business focus on making real (cost-effective) compliance progress. The output is also fundamental for identifying compliance project management challenges, creating timelines and budgets, and identifying the resources required for compliance activities. The output creates your “road-map” to compliance.
Conduct an on-site analysis of your current operations and controls against those recommended for compliance to the U.K. DPA Principles.
Interview your business's key compliance stakeholders and confirm the evidence produced by your operations and controls against that required by the DPA.
Conduct a technical security vulnerability assessment of your existing exterior-facing network security controls.
Analyse the findings and produce a detailed report identifying the existing gap between your operations and controls and those required for DPA compliance.
Produce a prioritised list of activities for your business to undertake to obtain compliance.