GDPR Maturity Assessment

GDPR Maturity Assessments

CSS provide GDPR Maturity Assessments for a broad range of industries. Our expert consultants are highly trained specialists with many years' experience in data protection and information security.


The CSS approach

At CSS we appreciate how busy our customers are and how confusing and technical the new General Data Protection Regulation (GDPR) can be for your business. Our aim, and what makes CSS different, is to make the development of your GDPR compliance as simple and painless as possible. We pride ourselves on our ability to guide, educate, inform and explain, in simple, clear, non-technical language, what your business needs in order to be compliant and resilient and to survive in the current Digital Economy.


How much does a GDPR Maturity Assessment cost?

The fee for a GDPR maturity assessment starts at £1750 excl VAT for small businesses.


What is the purpose of a GDPR Maturity Assessment?

The GDPR Maturity Assessment provides your business with an assessment of your data protection compliance against the EU’s regulation and Information Commissioner’s Office best practice. It enables your business to understand whether your existing data protection controls, if any, are sufficient, need developing or need establishing. By fully understanding your business’s data protection maturity, a clear, coherent and prioritised strategy can be implemented.


Why is a GDPR Maturity Assessment necessary and important?

The EU’s General Data Protection Regulation (GDPR) comes into effect on 25 May 18. This will be enforced pre-Brexit, and the UK Government have demonstrated their commitment to establishing it in UK law post-Brexit with their Data Protection Bill.


Unlike cyber security, GDPR compliance is mandatory. Significant financial penalties exist for those organisations that fail to adequately protect the data they hold or to report any data breaches within 72 hours. Should a breach occur, the organisation may also be vulnerable to affected parties seeking financial compensation, as well as to the strategic threat to its reputation and trust.


The GDPR replaces the Data Protection Act and significantly changes the controls and processes governing how data (of employees, customers, suppliers and donors) must be managed and protected.


What does a GDPR Maturity Assessment assess?

A GDPR Maturity Assessment assesses your data protection maturity and compliance against the EU General Data Protection Regulation, guidance from the Information Commissioner’s Office (ICO) and other relevant standards, including the National Cyber Security Centre (NCSC), Cyber Essentials and ISO 27001.


Uniquely, our GDPR Maturity Assessments can consider your cyber and data protection maturity together. This provides a coherent, dovetailed approach to your overall information security. The CSS GDPR Maturity Assessment considers at a minimum the following controls:


What is the output of a GDPR Maturity Assessment?

Following your GDPR Maturity Assessment your business will receive a comprehensive maturity report. It will detail our findings and your maturity against all the recommended GDPR compliance controls. It will highlight any GDPR vulnerabilities, risks and shortfalls that you have and recommend prioritised actions/treatments to address them. Your business is then at liberty to use the report as you see fit, or with CSS’ support should you so require.


How does a GDPR Maturity Assessment work?

The audit takes one day onsite and will require input from senior stakeholders. In order to maximise audit time on the day, a pre-audit questionnaire must be completed and the relevant policy and process information consolidated for analysis prior to our arrival. The assessment includes:


• Presentation on the assessment process.
• Review of pre-audit questionnaire findings and follow-on actions.
• Analysis of each control area.
• Wash up.