Understanding and managing supplier compliance gaps

After a supplier completes their due diligence questionnaire, Folelse identifies compliance gaps — areas where their answers indicate they may not meet UK GDPR or NHS DSP requirements.

Viewing gaps

Go to Dashboard → Gaps for a consolidated view of all open compliance gaps across your entire supplier register. You can filter by supplier, severity, or gap type.

Gap severity levels

  • Critical — a fundamental compliance failure (e.g. supplier has no DPA, no encryption). Requires immediate action before data sharing continues.
  • High — significant risk (e.g. no sub-processor notification, no breach response procedure). Raise with the supplier and obtain written commitments.
  • Medium — notable weakness (e.g. no formal staff training programme, no documented retention policy). Should be addressed in the next contract review.
  • Low — minor improvement area. Monitor and follow up.

Responding to gaps

  • Remediation Required — you have asked the supplier to fix the issue. Set a deadline and check back.
  • Accepted Risk — you have assessed the gap and decided to accept the risk (e.g. the supplier is a large, regulated provider and the gap is minor). Document your reasoning.
  • Escalated — the gap is serious enough to escalate to your DPO or senior leadership.
  • Resolved — the supplier has addressed the gap. Attach evidence (e.g. their updated policy or certification).
