
The EU General Data Protection Regulation (GDPR)

From 25 May 2018, the EU General Data Protection Regulation (GDPR) will affect every UK organisation that processes the personal data of EU residents.

More extensive in scope and application than the current Data Protection Act (DPA), the Regulation extends individuals’ data rights, and requires organisations to develop clear policies and procedures to protect personal data and to adopt technical and organisational measures appropriate to identified risks.

The final text of the GDPR can be read here >>

 

The Brexit question

UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the European Union, and the government has confirmed that the Regulation will apply, a position also confirmed by the Information Commissioner.

 

Penalties

The Regulation mandates considerably tougher penalties than the DPA: organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater. Fines of this scale could very easily lead to business insolvency. Data breaches are commonplace and increase in scale and severity every day. As Verizon’s 2016 Data Breach Investigations Report reaffirms, “no locale, industry or organization is bulletproof when it comes to the compromise of data”, so it is vital that all organisations are aware of their new obligations so that they can prepare accordingly.

For more information on GDPR penalties, click here >>

 

The key changes introduced by the Regulation

The GDPR introduces a number of key changes for organisations:

  1. If your business is not in the EU, you will still have to comply with the Regulation
  2. The definition of personal data is broader, bringing more data into the regulated perimeter
  3. Consent will be necessary to process children’s data
  4. Changes to the rules for obtaining valid consent
  5. The appointment of a data protection officer (DPO) will be mandatory for certain companies
  6. The introduction of mandatory privacy risk impact assessments
  7. New data breach notification requirements
  8. The right to be forgotten
  9. The international transfer of data
  10. Data processor responsibilities
  11. Data portability
  12. Privacy by design
  13. One-stop shop
 

How IT Governance can help

IT Governance has wide-ranging data protection expertise to help organisations prepare for the GDPR. We offer a comprehensive suite of information resources, solutions and consultancy services including:

Webinars

Watch our privacy experts guide you through the various requirements of the Regulation.

Click here to watch webinar recordings >>

 

GDPR training courses

 

  • Certified EU GDPR Foundation training course

    This comprehensive training course will offer a solid introduction to the GDPR, and provide a practical understanding of the implications and legal requirements of the Regulation, culminating in an official certification from the International Board of IT Governance Qualifications (IBITGQ).

    All of our training courses are available in classroom, Live Online and distance learning formats.

 

  • Certified EU GDPR Practitioner training course

    This course will enable delegates to fulfil the role of data protection officer (DPO) under the GDPR, and will cover the Regulation in depth, including implementation requirements, the necessary policies and processes, and important elements of effective data security management.

    All of our training courses are available in classroom, Live Online and distance learning formats.

 

  • Data Protection impact assessments training

    This one-day workshop covers when to conduct a DPIA under the GDPR, and uses a real-life case study to demonstrate best practices and methodologies, including the application of a DPIA tool to help assess and address privacy risks.

 

GDPR compliance tools

 

  • EU GDPR Compliance Gap Assessment Tool

    This questionnaire-driven planning tool provides a high-level assessment of your organisation’s current level of compliance with the GDPR, and helps prioritise remediation.

 

  • EU GDPR Documentation toolkit

    A full set of policies and procedures enabling your organisation to comply with the EU GDPR. These templates are fully customisable and significantly reduce the burden of developing the necessary documents to achieve legal compliance.

 

  • EU GDPR pocket guide

    The perfect introduction to the principles of data privacy and the GDPR, this guide is the ideal resource for anyone wanting a clear, concise primer on data protection.

 

 

Advice and consultancy

 

  • EU GDPR data flow audit

    Our privacy experts provide a data inventory and flow map of the personal data held and shared by your organisation. This forms the basis for assessing your organisation’s information privacy and security risks.

     

  • GDPR Gap Analysis

    A targeted assessment of your compliance with the GDPR: our privacy experts provide a detailed assessment of your readiness, key gaps and risks.

 

Contact us today to discuss your compliance requirements by emailing servicecentre@itgovernance.co.uk or calling +44 (0)845 070 1750.