GDPR - The EU General Data Protection Regulation

What you need to know for your business.


What is GDPR?

The General Data Protection Regulation (Regulation (EU) 2016/679) is a European Parliament regulation which aims to unify data protection rules across the whole of EU, it also controls the export of personal data from the EU. It was issued on 27 April 2016, and becomes enforceable from 25th May 2018. GDPR covers personally identifiable data about any “living person” in the EU (or stored by an EU-based business), and it is designed to provide rights and protects for that person – the “data subject“.


Does it affect me?

You don’t have to be within the EU for GDPR to apply. If you are processing personal data relating to any living person within the European Union, you must comply with the regulations in the way that you handle that data. Complying with the requirements of GDPR is not optional and people can not waive their rights to protection under GDPR.


What are the Penalties for Failing to Comply?

The penalties are much more significant than with previous data protection and privacy legislation. Organisations found in breach can be fined up to 4% of their annual global turnover or €20 million, whichever is greater. This makes it even more important that you understand the GDPR and how it affects your business.

Time left until the GDPR comes into force...








Useful Resources

GDPR - Full Text

Full text of the GDPR and its recitals (173).

GDPR Overview (ICO)

An overview of the General Data Protection Regulation from the UK Information Commissioner’s Office.

A Risk-Based Approach to GDPR

The Fair Data approach to GDPR compliance.

The Benefits of GDPR

A benefits analysis researched by London Economics, for the UK Department for Culture, Media & Sport.

NCSC- 10 Steps to Cyber Security

National Cyber Security Centre (UK) guidance on Cyber Security.

ICO self assessment toolkit

Checklists from the UK’s Information Commissioners office, to assess your compliance with the Data Protection Act and find out what you need to do, including guidance on getting ready for GDPR

Privacy Impact Assessment Guidance

Privacy Impact Assessment guidance and resources from the UK Information Commissioner’s Office.

Accountability and Governance

UK Information Commissioner’s Office guidance on provisions for accountability and governance, including “he accountability principle” and guidance on records of processing activities.

Privacy by Design

The original approach to privacy by design, from the Information and Privacy Commissioner, Canada.

Privacy Shield

The US response to EU and Swiss data protection regulations, to enable data transfers under EU law (see the adequacy determination) and  Swiss Law.

Brexit and the GDPR

UK organisations handling personal data will need to comply with the GDPR, regardless of Brexit. The GDPR comes into force before the UK leaves the European Union and the government and the Information Commissioner have confirmed that the regulation will apply, and that the UK will continue to follow a compatible regime.


Using our suite of tools you can prepare for and stay compliant with the GDPR.  Ask us about our:

  • GDPR action list generator
  • compliance timeline plan
  • GDPR audit questionnaire
  • GDPR systems audit and mapping
  • GDPR risk assessment
  • GDPR staff training tool and training log
  • GDPR records processing tool
  • GDPR supplier and vendor assessments
  • DSAR handling tool
  • breach notification handling tool
  • policy handling for GDPR
  • staff offboarding questionnaire