Are you still sweeping GDPR under the carpet?

14 Jun, 2018

Are you still sweeping GDPR under the carpet?

If so, don’t be embarrassed, you’re not on your own. In March it was revealed that a large proportion of businesses were either only in the early stages of preparation or hadn’t even started.

Whilst the ticking time bomb counted down to 25th May 2018, this was not a final cut-off.  GDPR is an ongoing matter that your business will need to continually comply with so it’s not too late to start your preparations.

Firstly, we’ll look at what it is, secondly at the ICO Checklist and finally how we can help you comply.

Not sure what GDPR is?

The General Data Protection Regulations (GDPR) is a beefed up version of Data Protection. It has been a regulation for a while but became legislation on the 25th May.  If you fail to comply, you run the risk of big fines from the Information Commissioner’s Office (ICO).  The potential fines for failing to comply with GDPR could reach up to €20 million or 4% of the group worldwide turnover (whichever is the greater) against both data controllers and data processors.  You can find out more about GDPR on the ICO website.

To put these fines into perspective, The University of Greenwich recently became the first university to be fined by the ICO following a ‘serious’ security breach involving personal data. As this fine was issued under the Data Protection Act 1998, they were only fined £120,000.  Had this been under the GDPR, the fine could have been considerably higher!

So, if you haven’t even thought about GDPR then what are your next steps?

12 Step Checklist

The ICO issued a detailed 12 steps in preparing for GDPR but here’s a quick run through:

  1. Make sure key people within your business are aware that the law has changed.
  2. Conduct an internal audit to find out what personal data you hold, where it came from and who you share it with.
  3. Review your current privacy notices.
  4. Check your procedures to ensure they cover all the rights individuals have.
  5. Update your procedures and plan for subject access requests.
  6. Identify the lawful basis for you processing the data.
  7. Review how you seek, record and manage consent.
  8. If you hold data on children, consider your procedures for verifying ages and obtaining parental or guardian consent.
  9. Review your procedures for detecting, reporting and investigating a personal data breach.
  10. Adopt a privacy by design approach and carry out a Privacy Impact Assessment.
  11. Assign a Data Protection Officer.
  12. If you operate in more than one EU member state, document your lead data protection supervisory authority.

Reviewing these steps, it’s understandable why GDPR has been so daunting.

How we can help

If you need extra support, we can help in two ways:

1. GDPR Training  

We are running a GDPR Bootcamp course, helping you to prepare for GDPR and giving you a better understanding of the evidence you will need.

This course offers you the opportunity to work through your own organisations unique GDPR needs. With our trainer’s support, you’ll leave with documents prepared and a specific action plan for you to implement.

To book on to our next course, please visit our website.

2. GDPR Consultancy  

We appreciate that every business is different and each will manage their data in different ways. We can therefore arrange for one of our GDPR consultants to provide one-to-one guidance tailored for your needs.

To explore this option, call us on 01905 670303 or email

How ISO 27001 can help

The Cyber Security Breaches Survey 2018 found that some businesses have used GDPR as a leverage with management to improve their cyber security. If this is something you’re considering, it may be worth implementing the ISO 27001 Information Security Management Standard.

Those businesses who have ISO 27001 are already half way to achieving GDPR compliance. This standard helps you effectively manage risks to the security of your confidential information, both electronically and physically.  More information on achieving ISO 27001 Certification can be found here.

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on reoccurring issues? Contact us today on 0330 058 5551 or email

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.

Related Posts

Reduce, Reuse, Recycle

ISO 14001 Is Just About Recycling… Isn’t It?

19 Sep, 2023

The days of checking bins have gone! Find out how ISO 14001 has changed with the times.

Puzzle piece being put in place in to the center of a circle.

10 Benefits of Implementing Multiple ISO Standards

30 Aug, 2023

In the dynamic landscape of modern business, organisations are constantly seeking ways to enhance operational efficiency, quality, and management practices. A powerful strategy that has gained traction is the implementation of multiple ISO standards.

Multicoloured question marks in a pile with one large green question mark on top

What is the Annex SL Structure?

30 Aug, 2023

Implementing multiple ISO standards may seem daunting, but the Annex SL framework simplifies this process significantly. So, what is the Annex SL Structure, and what benefits does it bring organisations who want to implement multiple standards?

What are the business benefits of implementing ISO 9001?

10 Aug, 2023

For any business to survive, continual improvement is vital.  However, we all know that improvements can be costly.  Deciding on the right way to spend any budget you do have can be difficult including new equipment, extra staff or training existing staff to name but a few.  In this article, we look at why ISO 9001 can be a big boost to any business and why we believe it is the best way to ensure continual improvement for your business.