Are you still sweeping GDPR under the carpet?

14 Jun, 2018

Are you still sweeping GDPR under the carpet?

If so, don’t be embarrassed, you’re not on your own. In March it was revealed that a large proportion of businesses were either only in the early stages of preparation or hadn’t even started.

Whilst the ticking time bomb counted down to 25th May 2018, this was not a final cut-off.  GDPR is an ongoing matter that your business will need to continually comply with so it’s not too late to start your preparations.

Firstly, we’ll look at what it is, secondly at the ICO Checklist and finally how we can help you comply.

Not sure what GDPR is?

The General Data Protection Regulations (GDPR) is a beefed up version of Data Protection. It has been a regulation for a while but became legislation on the 25th May.  If you fail to comply, you run the risk of big fines from the Information Commissioner’s Office (ICO).  The potential fines for failing to comply with GDPR could reach up to €20 million or 4% of the group worldwide turnover (whichever is the greater) against both data controllers and data processors.  You can find out more about GDPR on the ICO website.

To put these fines into perspective, The University of Greenwich recently became the first university to be fined by the ICO following a ‘serious’ security breach involving personal data. As this fine was issued under the Data Protection Act 1998, they were only fined £120,000.  Had this been under the GDPR, the fine could have been considerably higher!

So, if you haven’t even thought about GDPR then what are your next steps?

12 Step Checklist

The ICO issued a detailed 12 steps in preparing for GDPR but here’s a quick run through:

  1. Make sure key people within your business are aware that the law has changed.
  2. Conduct an internal audit to find out what personal data you hold, where it came from and who you share it with.
  3. Review your current privacy notices.
  4. Check your procedures to ensure they cover all the rights individuals have.
  5. Update your procedures and plan for subject access requests.
  6. Identify the lawful basis for you processing the data.
  7. Review how you seek, record and manage consent.
  8. If you hold data on children, consider your procedures for verifying ages and obtaining parental or guardian consent.
  9. Review your procedures for detecting, reporting and investigating a personal data breach.
  10. Adopt a privacy by design approach and carry out a Privacy Impact Assessment.
  11. Assign a Data Protection Officer.
  12. If you operate in more than one EU member state, document your lead data protection supervisory authority.

Reviewing these steps, it’s understandable why GDPR has been so daunting.

How we can help

If you need extra support, we can help in two ways:

1. GDPR Training  

We are running a GDPR Bootcamp course, helping you to prepare for GDPR and giving you a better understanding of the evidence you will need.

This course offers you the opportunity to work through your own organisations unique GDPR needs. With our trainer’s support, you’ll leave with documents prepared and a specific action plan for you to implement.

To book on to our next course, please visit our website.

2. GDPR Consultancy  

We appreciate that every business is different and each will manage their data in different ways. We can therefore arrange for one of our GDPR consultants to provide one-to-one guidance tailored for your needs.

To explore this option, call us on 01905 670303 or email

How ISO 27001 can help

The Cyber Security Breaches Survey 2018 found that some businesses have used GDPR as a leverage with management to improve their cyber security. If this is something you’re considering, it may be worth implementing the ISO 27001 Information Security Management Standard.

Those businesses who have ISO 27001 are already half way to achieving GDPR compliance. This standard helps you effectively manage risks to the security of your confidential information, both electronically and physically.  More information on achieving ISO 27001 Certification can be found here.

ISO Quality Services Ltd are proud to specialise in the implementation and certification of the Internationally recognised ISO and BS EN Management Standards.

Do you want to get ahead of your competition? Win more tenders or save time and money on reoccurring issues? Contact us today on 0330 058 5551 or email

Alternatively, you can request a quote by filling out our enquiry form and a member of our team will be in touch shortly.

Related Posts

The BS EN 15713:2023 Update

9 Feb, 2024

The new BS EN 15713:2023 has been published.  Here’s everything you need to know about the changes and how to transition from BS EN 15713:2009.

Good Egg Awards return for the 7th year

31 Jan, 2024

It’s that time of the year again – an opportunity to acknowledge the hard work of your colleagues through our Good Egg Awards.

Keyboard with a padlock and data privacy printed across the top

Data Privacy and the Role of ISO 27001

22 Jan, 2024

Adopting ISO 27001 demonstrates a commitment to safeguarding stakeholders’ information and enhancing data privacy, here’s how:

Bingo Box Campaign Delivers 345kg of Hope for the Holidays

20 Dec, 2023

The surge in energy prices, inflation, and a challenging cost of living situation is making it increasingly difficult for people to provide meals for their families. In light of this, we have once again initiated a campaign to assist in feeding more families this Christmas. And with the generous support of local businesses, our Bingo Box campaign has garnered an overwhelming response!