Are you still sweeping GDPR under the carpet?

14 Jun, 2018

Are you still sweeping GDPR under the carpet?

If so, don’t be embarrassed, you’re not on your own. In March it was revealed that a large proportion of businesses were either only in the early stages of preparation or hadn’t even started.

Whilst the ticking time bomb counted down to 25th May 2018, this was not a final cut-off.  GDPR is an ongoing matter that your business will need to continually comply with so it’s not too late to start your preparations.

Firstly, we’ll look at what it is, secondly at the ICO Checklist and finally how we can help you comply.

Not sure what GDPR is?

The General Data Protection Regulations (GDPR) is a beefed up version of Data Protection. It has been a regulation for a while but became legislation on the 25th May.  If you fail to comply, you run the risk of big fines from the Information Commissioner’s Office (ICO).  The potential fines for failing to comply with GDPR could reach up to €20 million or 4% of the group worldwide turnover (whichever is the greater) against both data controllers and data processors.  You can find out more about GDPR on the ICO website.

To put these fines into perspective, The University of Greenwich recently became the first university to be fined by the ICO following a ‘serious’ security breach involving personal data. As this fine was issued under the Data Protection Act 1998, they were only fined £120,000.  Had this been under the GDPR, the fine could have been considerably higher!

So, if you haven’t even thought about GDPR then what are your next steps?

12 Step Checklist

The ICO issued a detailed 12 steps in preparing for GDPR but here’s a quick run through:

  1. Make sure key people within your business are aware that the law has changed.
  2. Conduct an internal audit to find out what personal data you hold, where it came from and who you share it with.
  3. Review your current privacy notices.
  4. Check your procedures to ensure they cover all the rights individuals have.
  5. Update your procedures and plan for subject access requests.
  6. Identify the lawful basis for you processing the data.
  7. Review how you seek, record and manage consent.
  8. If you hold data on children, consider your procedures for verifying ages and obtaining parental or guardian consent.
  9. Review your procedures for detecting, reporting and investigating a personal data breach.
  10. Adopt a privacy by design approach and carry out a Privacy Impact Assessment.
  11. Assign a Data Protection Officer.
  12. If you operate in more than one EU member state, document your lead data protection supervisory authority.

Reviewing these steps, it’s understandable why GDPR has been so daunting.

How we can help

If you need extra support, we can help in two ways:

1. GDPR Training  

We are running a GDPR Bootcamp course, helping you to prepare for GDPR and giving you a better understanding of the evidence you will need.

This course offers you the opportunity to work through your own organisations unique GDPR needs. With our trainer’s support, you’ll leave with documents prepared and a specific action plan for you to implement.

To book on to our next course, please visit our website.

2. GDPR Consultancy  

We appreciate that every business is different and each will manage their data in different ways. We can therefore arrange for one of our GDPR consultants to provide one-to-one guidance tailored for your needs.

To explore this option, call us on 01905 670303 or email

How ISO 27001 can help

The Cyber Security Breaches Survey 2018 found that some businesses have used GDPR as a leverage with management to improve their cyber security. If this is something you’re considering, it may be worth implementing the ISO 27001 Information Security Management Standard.

Those businesses who have ISO 27001 are already half way to achieving GDPR compliance. This standard helps you effectively manage risks to the security of your confidential information, both electronically and physically.  More information on achieving ISO 27001 Certification can be found here.

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on reoccurring issues? Contact us today on 0330 058 5551 or email

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.

Related Posts

ISO QSL Awards

ISO QSL Finalists for Three Awards

4 May, 2022

We’re pleased to announce that we have been shortlisted for three Chamber Business Awards with the Herefordshire and Worcestershire Chamber of Commerce.

Bird & Amy Take the Plunge for NCW

26 Apr, 2022

Client Care Advisors, Bird Hancock and Amy Taylor will soon be taking the plunge in a sponsored tandem sky dive.  Can you help them reach their fundraising target?

Good Egg Awards Ceremony 2022

1 Apr, 2022

This year, we had a record number of nominations for our Good Egg Awards….. 102!

We want to say congratulations and well done to all the nominees, finalists and winners.


Fancy a Spot of Tee?

31 Mar, 2022

Picture this, bacon butties, a spot of tea (or coffee) and a round of golf… sound good? Then join us for our annual charity golf day…