GDPR Compliance

The companies and SMEs we work with in London and elsewhere know that the General Data Protection Regulation (GDPR) comes into force next year. They are now seriously getting to grips with what they need to do to ensure their organisations don’t fall foul of the new rules governing data processing. For many this means undergoing a rigorous GDPR gap analysis or privacy audit to ensure their data collection processes and procedures comply with the GDPR and other legislation.


Sanctions under GDPR are much heavier than under the current penalty regime. So from a purely financial perspective it makes sense to take all necessary steps to comply with the law. But as the Boomerang Video case shows it’s not just about strict legal compliance. The risk to your brand and reputation of a data breach are perhaps even greater than any penalty imposed by a regulator. In today’s security-focused commercial environment if your customers and other stakeholders don’t trust you to manage their personal information, you won’t be in business for long.

A GDPR gap analysis from Big Data Law does two things:

  • It demonstrates to external regulators that your company has addressed its legal obligations.
  • It gives you and your stakeholders the peace of mind of knowing that security is being held and processed in the correct manner.


Our gap analysis focuses on the risks to your organisation posed by your current methods of gathering and processing personal information. We examine the data security practices across your organisation, assess them in relation to GDPR and other relevant legislation and identify any shortcomings. The procedure can be broken down into four phases:

  • Planning – We review relevant internal documentation and frame a bespoke questionnaire for your business to be used in the gap analysis exercise
  • Information gathering – Questionnaires are completed and we liaise closely with key staff in your organisation to find out about how information is collected, used and stored
  • Report stage – We deliver a comprehensive audit report identifying risks and providing recommendations to mitigate these
  • Implementation – Following through on the report we help you put a new compliance framework in place


The questionnaire is key to the effectiveness of any gap analysis. So we will spend some time with relevant figures in your organisation to ensure all necessary information will be captured. The type of questions we usually ask include the following:

  • For what purpose is the company gathering the information?
  • What type of individual does the information belong to?
  • What precise type of information is being gathered?
  • How does your organisation collect the data?
  • Do you get the individual’s permission to collect the data?
  • Could you anonymise the data and still use it for the purpose intended?
  • Do you keep the data under review during the time you hold it?
  • How do you store the personal information?
  • How do you protect it from unauthorized access or disclosure?
  • Do you pass the data on to anyone?
  • Can individuals control how their information is used?
  • How do you delete data you no longer need?

Whatever the size your organisation, if you handle personal data you must comply with the relevant legislation, including GDPR. A gap analysis is the starting point – a risk assessment that indicates your organisation takes data security seriously.

While there is a degree of investment involved in the information gathering and implementation stages, a well-developed data security framework will increasingly be seen as a business asset. One that sends a signal to both regulators and your stakeholders that you are on top of data security issues. Reviews like this can also expose outdated practices that unnecessarily burden your business. For example retaining information for longer than needed.

To find out more about our GDPR compliance audits, call us on +44 (0) 7545 813 894 or  contact us online. We would be happy to give you a no-obligation quote for our work before you make any commitments.


Shuba provided excellent help in a very tough case, and acted above and beyond my expectations. With her friendliness, passion, and a wealth of knowledge, she made me feel comfortable in a trying time, and her professional services led to quick results in my case. I can highly recommend her services.

Cecilie Harris ***** See more reviews


Shubha Nath is director of Nath Solicitors, a boutique London law firm specialising in commercial contracts, company laws (formation/shareholder matters/M&A) and private and commercial dispute resolution.


When we state we partner with you to achieve results, it’s not just a slogan. Many of our solicitors have spent years working in the City, and we are passionate about business and helping our clients achieve their objectives.

See more on Nath

Shubha Nath