General Data Protection Regulation – GDPR

Ensure your compliance with GDPR. We use up-to-the-minute assessment and auditing frameworks to assess your compliance status.

GDPR Auditing Overview


The GDPR is an EU Regulation intended to mandate how organisations manage Personal and Sensitive data.

The GDPR aims to strengthen EU residents’ fundamental rights and freedoms in the digital age and to provide enhanced protections for EU residents’ personal data.

It also modernises and unifies diverse existing legislation across the EU Single Market, thus bringing greater legal certainty and reduced operating risk for companies that have to account for the diverse laws and enforcement regimes of 28 EU Member States when operating in Europe.

The GDPR enforces new rights for EU residents and for any other data subjects whose data is processed in the EU, as well as placing new obligations on organisations and introducing new powers for supervisory authorities. A number of requirements are particularly significant for an organisation and must be clearly understood if fines and sanctions are to be avoided.


The GDPR And Other Data Protection Requirements

The GDPR is not the only data protection obligation with which an organisation needs to comply and therefore should be treated as part of a broader data protection management system that encompasses the people, processes and technologies used to control personal data processing.

This can include requirements from a variety of sources, such as: local legislation, case law and treaties; sector-specific regulatory requirements; and commercial obligations arising from contractual terms and publicised organisational commitments for personal data processing (e.g. privacy notices and terms and conditions).

These sources, combined with an organisation’s values, attitude to risk and compliance demands, largely determine how personal data is protected. Whilst values, risk and compliance are often in tension, an organisation can take a holistic approach where its values guide the balance between risk and compliance.


How To Prepare For GDPR

Preparing For GDPR
Preparing For GDPR

ITSecurity.Org can help you understand your obligations and can help you minimize the scope of compliance.

The high-level process for preparing for GDPR is simple. It is the detail that is challenging. Ensuring that all business processes are in compliance with GDPR can be challenging. You need a GDPR experienced consultant to help you through the entire GDPR compliance to ensure that you will be fully compliant.

ITSecurity.Org can help you through every stage of the GDPR Project lifecycle including:

GDPR Project Start Up Meeting

Stage 1: Project Initiation

Project Initiation Document

Project Plan

Communications Plan

Project Governance

Risk Committee Meetings

Project Board Meetings

Progress Workshops

Project Status Reports

Workstream reporting templates


Stage 2: Project Execution

Data Gathering

Data Analysis


1.1 Data Retention

1.1.1 Paper Storage

1.1.2 Electronic Storage

1.2 Consent

1.3 Biometric Data

1.4 Privacy Notices

1.5 Subject Access Requests

1.6 Rectification

1.7 Data Portability

1.8 Data Protection

1.9 Records Of Processing Activities

1.10 Breach Notification

To the ICO, Controller And To the Data Subjects

1.11 Data Privacy Impact Assessment and Prior Consultation

1.12 Right To Be Forgotten

1.13 Children

1.14 Personal Data Definition

1.15 Data processors and Sub-Processors

1.15.1 Contractual Terms

1.15.2 Joint Data Controllers

Project Finalisation And Closure