This page answers frequently asked questions about the GDPR (General Data Protection Regulation).

Questions are grouped by topic – simply use the links below to find the answers you need.

If you have a general question that isn’t answered here, let us know and we’ll do our best to update this page.

Alternatively, if you have a more complex query, why not talk to one of our consultants using our GDPR Ask Us service?

UK data protection law is currently being revised. We are following the progress of the Data Protection and Digital Information (No.2) Bill through parliament and will keep you updated on how it might affect your data processing obligations.


  • What is the GDPR?
  • What is the difference between EU regulations and directives?
  • Where can I find the full text of the GDPR?
  • When did the GDPR take effect?
  • How does the GDPR relate to the DPA (Data Protection Act) 2018
  • How will Brexit affect the GDPR?


  • Do I need a lot of documents to comply with the GDPR?
  • How do you write a GDPR privacy notice?
  • How do you write a GDPR data subject access request procedure?
  • How do you write a GDPR-compliant data protection policy?
  • How do you write a GDPR personal data breach notification procedure?
  • How do you comply with Article 30 of the GDPR?


  • How do you report a personal data breach?
  • What are the penalties for not complying with the GDPR?
  • What happens if I have missed the GDPR enforcement deadline?


  • What are the GDPR’s rules on security?
  • What are the GDPR’s data processing principles?
  • What lawful bases for processing should we use, and do we always need consent?
  • What rights do individuals (data subjects) have under the GDPR?
  • Does my organisation need to register under the GDPR?
  • How can ISO 27001 help me comply with the GDPR?
  • Why are risk assessments essential for GDPR compliance and how do you perform them?

Data protection officer

  • Which organisations must appoint a DPO (data protection officer) under the GDPR?
  • Can organisations share a DPO (data protection officer)?


  • What sort of data processing does the GDPR apply to?
  • How does the GDPR define personal data?
  • How does the GDPR affect businesses outside the EU?
  • What is a data breach under the GDPR?
  • What is the difference between personal data and sensitive data under the GDPR?
  • What is the difference between a data processor and a data controller under the GDPR?
This website uses cookies. View our cookie policy
SAVE 10%