General Data Protection Regulation – GDPR

Ensure your compliance with GDPR. We use up-to-the-minute assessment and auditing frameworks to assess your compliance status.

GDPR Auditing Overview


The GDPR is an EU Regulation intended to mandate how organisations manage Personal and Sensitive data.

The GDPR aims to strengthen EU residents’ fundamental rights and freedoms in the digital age and to provide enhanced protections for EU residents’ personal data.

It also modernises and unifies diverse existing legislation across the EU Single Market, thus bringing greater legal certainty and reduced operating risk for companies that have to account for the diverse laws and enforcement regimes of 28 EU Member States when operating in Europe.

The GDPR enforces new rights for EU residents and for any other data subjects whose data is processed in the EU, as well as placing new obligations on organisations and introducing new powers for supervisory authorities. A number of requirements are particularly significant for an organisation and must be clearly understood if fines and sanctions are to be avoided.


The GDPR And Other Data Protection Requirements

The GDPR is not the only data protection obligation with which an organisation needs to comply and therefore should be treated as part of a broader data protection management system that encompasses the people, processes and technologies used to control personal data processing.

This can include requirements from a variety of sources, such as: local legislation, case law and treaties; sector-specific regulatory requirements; and commercial obligations arising from contractual terms and publicised organisational commitments for personal data processing (e.g. privacy notices and terms and conditions).

These sources, combined with an organisation’s values, attitude to risk and compliance demands, largely determine how personal data is protected. Whilst values, risk and compliance are often in tension, an organisation can take a holistic approach where its values guide the balance between risk and compliance.


How To Prepare For GDPR

Preparing For GDPR

ITSecurity.Org can help you understand your obligations and can help you minimize the scope of compliance.

The high-level process for preparing for GDPR is simple; it is the detail that is challenging. Bringing every business process into compliance with GDPR takes sustained effort, and an experienced GDPR consultant can guide you through the whole compliance programme so that you end up fully compliant.

ITSecurity.Org can help you through every stage of the GDPR Project lifecycle including:

GDPR Project Start Up Meeting

Stage 1: Project Initiation

Project Initiation Document

Project Plan

Communications Plan

Project Governance

Risk Committee Meetings

Project Board Meetings

Progress Workshops

Project Status Reports

Workstream reporting templates


Stage 2: Project Execution

Data Gathering

Data Analysis


1.1 Data Retention

1.1.1 Paper Storage

1.1.2 Electronic Storage

1.2 Consent

1.3 Biometric Data

1.4 Privacy Notices

1.5 Subject Access Requests

1.6 Rectification

1.7 Data Portability

1.8 Data Protection

1.9 Records Of Processing Activities

1.10 Breach Notification

To the ICO, Controller And To the Data Subjects

1.11 Data Privacy Impact Assessment and Prior Consultation

1.12 Right To Be Forgotten

1.13 Children

1.14 Personal Data Definition

1.15 Data processors and Sub-Processors

1.15.1 Contractual Terms

1.15.2 Joint Data Controllers

Project Finalisation And Closure


Application Security

Effectively assess, manage, and secure your organization’s web usage and business-critical applications.

Incident Response

Leverage experienced and certified consultants to help manage and respond to security incidents.

IT Security Governance

Better manage risk, compliance, and governance.

Network Security

Enable flexible, intelligent IT and network security solutions to combat Internet threats.

Policies And Standards

Review your status, complete a risk assessment and create, produce and publish Security Standards and Policies.

Our Services


Assess your organization against UK, EU and US legislation and regulations: GDPR, PCI-DSS, ISO27001, Money Laundering, Sarbanes-Oxley.

IT Risk Management

Identify areas of potential risk and design a customized, complete security solution.

Managed Security

Outsource your IT Security to ITSecurity.Org Security Experts.

Penetration Testing

Secure online assets and support regulatory compliance by identifying the vulnerabilities on your network before they are exploited.

Procedures And Guidelines

Assess your people, processes and technologies. Create, produce and publish procedures and guidelines.

Data Protection

Assess your Data Protection environment against recent regulatory and legislative requirements including GDPR.

IT Security Consulting

Build effective IT security policies to reduce threats to your critical business assets.

Mobile Security

Protect mobile devices, secure connectivity, ensure appropriate access, and safeguard data and applications.

Physical Security

Assess and enhance your physical security plan with a wide variety of Physical Security Solutions.

Security Training

Train your staff in the principles of Security and Data Protection and prevent data breaches.