The EU General Data Protection Regulation becomes law within the EU in May 2018.
General Data Protection Regulation

GDPR Risk Assessment | Outsourced dpo services

 The GDPR applies to any organization anywhere  that collects, holds or processes personal data that 

originates in the European Union. Selling goods or  services, advertising and marketing or any form of  behavioral monitoring are the major activities that fall  under the GDPR. gdpr experts uk

GDPR Services

GDPR  Gap Assessment

GDPR Assessment

GDPR Assessment  will cover four main areas: 

  1. GDPR Principles: The key requirements of the GDPR that need to be covered as part of your implementation of the regulation. 
  2. Data Subject Rights: Under the GDPR, as was the case with the old Data Protection Act  1998, individuals that you are holding & processing personal data on have certain rights. These need to be fully covered in your implementation of the Regulations Principle 
  3. Controller & Processor Obligations: Your organisation will be deemed as either a Controller or Processor of personal data, or more likely both, depending on what you are doing with the personal data you hold. Under GDPR there are a list of further obligations that you will need to fulfil depending on what you are deemed to be. 
  4. Transfer Of Personal Data: Any transfer & further processing of data, either inter-company related or externally to suppliers etc, within the EU or outside its borders, needs to managed in line with certain GDPR requirements. These will again need to be adhered to. gdpr implementation consultant gdpr audit london Manchester

GDPR Implementation

GDPR End to End Implementation

  Full Compliance Life cycle  - Plan>Audit>Assess> Implement


“To be able to effectively govern the GDPR an organization needs to be

able to create a compliance programme that assesses, delivers and then supports on going compliance in to the future”

GDPR Data Mapping

GDPR Data Mapping Solutions

Mapping your Data Flow from various process 


Understanding what personal data you collect, hold and process, and why, is a key part of the data protection impact assessment process, which is a requirement of the GDPR. The same data may be used for many different purposes and it is essential to clarify not only the data but the lawful justification of the many uses of that data that is important for compliance. 

Understanding how safe the personal data are with third parties can also be a headache as some companies are better than others at responding to requests for information; hence persistence may be called for.  


GDPR Glossary

GDPR Ready Info

Roles and Responsibilities :The main roles that may be involved in GDPR compliance, together with their relevant responsibilities The roles required will depend on whether your organisation is a controller or processor or both and whether your processing meets the criteria for a data processing officer.  

Data Controller –  The GDPR defines a “controller” as “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” 

Data Processor –  The GDPR defines a “processor” as “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller” 

Data Mapping –  Data mapping and Records of Processing activities and their regular update and


Data Protection Impact Assessment - The Key Object of DPIA is to ensure that all serious risks personal data that need treatment are identified so something can be done about them.

Data Subject Request  – The GDPR provides the data subject with a wide range of rights that may be exercised over their personal data and it is important that the organisation is ready for them to ask for these rights and can meet requests in the timescales required.  The way in which the various types of request are processed in your organisation will vary according to the personal data involved and the ways in which it is stored and processed.

Privacy Notices The issuance of privacy notices at point of collection and regular intervals and

containing the required information for different data subjects.

Records Management Completeness and accuracy of managing electronic and manual personal data,including controls over the creation, maintenance,storage, movement, retention and destruction of personal data records.

Personal Data Breach – The GDPR is specific in terms of the information that must be provided to the supervisory authority if a breach happens and the conditions that must be met if notification to data subjects is required. It is important to understand these requirements and be able to take considered decisions regarding notification that not only comply with the GDPR, but also meet the organisation’s business and ethical needs and aspirations.  

Information Risk The application of a privacy by design approach, information management risks

managed via data protection impact assessments to manage risks throughout the organisation and

regular review of the risks.

GDPR Quick Check

COLLECT  personal information from data subjects in the EU for any purpose? Yes / NO 

PROCESS : EU personal data (e.g. for salary)? Yes / NO 

STORE : EU personal data?Yes / NO 


If you checked “yes” to any of these, the GDPR applies. You may be subject to 

enforcement and fines.

 Note: If you are a data controller or processor, you must comply with the GDPR