Ghost
ResourcesPricingSecurity
Get started
ResourcesRegister gap analysis and review

On this page

  • Why gap analysis matters
  • The Gap Analysis page
  • The Review Queue
  • A practical workflow
  • Tips

Register gap analysis and review

Deep dive: use the Gap Analysis page and Review Queue to keep your register complete, current, and audit-ready.

Last updated April 2026

Why gap analysis matters

A Article 30 register is only useful if it is complete and current. Most privacy frameworks expect your register to accurately reflect your processing at all times, not just when an auditor asks for it. Gap Analysis and the Review Queue are the two tools in the Article 30 Register that help you stay on top of quality.

Open the Article 30 Register from the header tools menu. Both pages are accessible from the Article 30 register sidebar: Gap Analysis and Review Queue.

The Gap Analysis page

Gap Analysis scans every processing activity in the active matter and flags problems:

  • Missing required fields: if a record is missing a legal basis, controller, purpose, or other required register field, it shows up as a red chip next to the activity.
  • Transfers without safeguards: any international transfer that lacks a documented safeguard (adequacy decision, SCCs, BCRs, etc.) is flagged.
  • Other compliance gaps: additional checks that evolve as Ghost adds more validation rules.

At the top of the page you see two headline metrics:

  • Overall compliance score as a percentage that rises as you fill in missing fields and resolve issues.
  • Activities needing attention, the count of records with at least one gap.

Below the metrics, activities are grouped into Needs attention, Stale review, and Complete. Click any activity to jump to its detail page, fix the gaps, and save. The score recalculates automatically.

The Review Queue

Privacy law does not prescribe a fixed review cycle, but most organisations aim for at least once every twelve months per activity. The Review Queue surfaces activities that are due or overdue for review so you can work through them without scanning the full register.

The page shows three stat tiles:

  • Due for review: how many activities need reviewing now.
  • Up to date: how many have been reviewed recently.
  • Review coverage: the percentage of activities that are within their review window.

Below the tiles you see the list of due activities. For each one you can:

  1. Click the activity name to open its detail page and review each field.
  2. Confirm or update the information, then click Mark as reviewed. The review date resets and the activity drops out of the queue until the next cycle.

A Recently reviewed section below the due list shows activities you or your colleagues have recently completed, so you can track team progress.

A practical workflow

  1. Start each review cycle with Gap Analysis. Fix missing fields and transfer safeguards first so every record is structurally complete.
  2. Then move to the Review Queue. Work through due activities, confirming that each field still reflects reality (purposes may have changed, new recipients may have been added, retention periods may need adjusting).
  3. After completing both passes, check the compliance score. Aim for 100 % and zero activities needing attention.
  4. Export a fresh copy of the register (PDF or Excel) from the Export page to keep an off-platform snapshot for audits.

Tips

  • Set a recurring calendar reminder (quarterly or monthly) to open the Review Queue and work through any due activities.
  • Distribute reviews across the team. The people who own each processing activity (IT, HR, marketing) are best placed to confirm the details are still accurate.
  • Use the compliance score trend over time to show management that register quality is improving.

For the full Article 30 Register walkthrough, start with Article 30 Register overview.

PreviousArticle 30 Register overviewNextCompliance hub overview
© 2026 Ghost. All rights reserved.
ResourcesPrivacyTermsSecurity