Creating Advantage with Compliance

We can help

Key Requirements for GDPR

Organisations doing business in Europe see six key areas of GDPR  that are having the greatest impact on their business :


Requirement for a comprehensive data inventory and record keeping of all data processing activities – Article 30.


Boards must be able to demonstrate how they have integrated Accountability and Governance from the top down through the organization.

Breach Notification

Mandatory data-breach notification within 72 hours to regulators and individuals –Article 33.

Managing Individual's

Eight defined individual rights to be informed of processing, of access to data, to correct mistakes, transfer data, erase data, to object to processing, and to restrict processing, and to intervene on automated decisions made when processing data.

Data Protection Impact Assessments

Use of data-protection impact assessments (DPIA) for certain processing activities
– Article 35


Data Protection Officers as a requirement for certain organisations – Article 37

Watch UKGDPR on InsureTV

Compliance and Security Debate

Questions to Consider

9. Have we adopted a cross-border data transfer strategy?
8. Have we appointed a Data Protection Officer (DPO) if required?
7. Have we an ongoing defined training plan?
6. Do we have an Incident Response plan and breach notification that meets the GDPR’s 72-hour notification requirement? Has this been tested through a workshop exercise?
5. Have we implemented a Privacy by Design program, and integrated Data Protection Impact Assessments into Standard Operating Procedures?
4. Do we have visibility of, and control over, what personal data we collect and the data flows across the enterprise?
2. What is our data foot print across the enterprise, including employee, customer and partner data?
3. Can we evidence GDPR compliance to regulators upon request?
1. Can we show how we have implemented the Accountability principle from the top down?
Learn More

We're a group of privacy and security consultants with experienced GDPR practitioners and Data Protection Officers. We look forward to helping you align your company goals with appropriate and adequate organisational and technical measures. 

Copyright 2018 UKGDPR Limited, a company registered in England, company number: 11002759