This page answers frequently asked questions about the GDPR (General Data Protection Regulation).

Questions are grouped by topic – simply use the links below to find the answers you need.

If you have a general question that isn’t answered here, let us know and we’ll do our best to update this page.

Alternatively, if you have a more complex query, why not talk to one of our consultants using our GDPR Ask Us service?


  • What is the GDPR?
  • What is the difference between EU regulations and directives?
  • Where can I find the full text of the GDPR?
  • When did the GDPR take effect?
  • How does the GDPR relate to the DPA (Data Protection Act) 2018
  • How will Brexit affect the GDPR?


  • Do I need a lot of documents to comply with the GDPR?
  • How do you write a GDPR privacy notice?
  • How do you write a GDPR data subject access request procedure?
  • How do you write a GDPR-compliant data protection policy?
  • How do you write a GDPR personal data breach notification procedure?
  • How do you comply with Article 30 of the GDPR?


  • How do you report a personal data breach?
  • What are the penalties for not complying with the GDPR?
  • What happens if I have missed the GDPR enforcement deadline?


  • What are the GDPR’s rules on security?
  • What are the GDPR’s data processing principles?
  • What lawful bases for processing should we use, and do we always need consent?
  • What rights do individuals (data subjects) have under the GDPR?
  • Does my organisation need to register under the GDPR?
  • How can ISO 27001 help me comply with the GDPR?
  • Why are risk assessments essential for GDPR compliance and how do you perform them?

Data protection officer

  • Which organisations must appoint a DPO (data protection officer) under the GDPR?
  • Can organisations share a DPO (data protection officer)?


  • What sort of data processing does the GDPR apply to?
  • How does the GDPR define personal data?
  • How does the GDPR affect businesses outside the EU?
  • What is a data breach under the GDPR?
  • What is the difference between personal data and sensitive data under the GDPR?
  • What is the difference between a data processor and a data controller under the GDPR?
This website uses cookies. View our cookie policy
WIN £100