Coming May 25th 2018

The General Data Protection Regulation (GDPR) significantly increases the obligations and responsibilities of organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.

12 steps to being prepared


Becoming Aware

Review and enhance your organisation’s risk management processes – identify problem areas now.


Becoming Accountable

Make an inventory of all personal data you hold. Why do you hold it? Do you still need it? Is it safe?


Communicating with Staff and Service Users

Review all your data privacy notices and make sure you keep service users fully informed about how you use their data.


Personal Privacy Rights

Ensure your procedures cover all the rights individuals are entitled to, including deletion and data portability.


How will Access Requests change?

Plan how you will handle requests within the new timescales – requests must be dealt with within one month.


What we mean when we talk about a ‘Legal Basis’

Are you relying on consent, legitimate interests or a legal enactment to collect and process the data? Do you meet the standards of the GDPR?


Using Customer Consent as grounds to process data

Review how you seek, obtain and record consent, and whether you need to make any changes to be GDPR ready.


Processing Children’s Data

Do you have adequate systems in place to verify individual ages and gather consent from guardians?


Data Protection Impact Assessments (DPIA) and Data Protection by Design and Default

Data privacy needs to be at the heart of all future projects.


Reporting Data Breaches

Are you ready for mandatory breach reporting? Make sure you have the procedures in place to detect, report and investigate a data breach.


Data Protection Officers

Will you be required to designate a DPO? Make sure that it’s someone who has the knowledge, support and authority to do the job effectively.


Cross-border processing and the one stop shop

The GDPR includes the one stop shop mechanism, which will be in place for organisations that are engaged in cross-border processing. Establish where your main establishment in the EU is located in order to identify your lead supervisory authority.
