Telephone: 01908 041464 | Email:

How GDPR is protecting Personal Data

Tuesday 12th September 2017

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) was introduced in 2018 and forms controls for personal data privacy. In 2016, in an effort to make data protection more comprehensive, the EU combined all Data Privacy requirements into a single piece of legislation that the EU member states were obliged to enforce from 2018.

Under the commitments the UK has made to the European Union, we will continue to honour and adhere to these requirements although in large part, they reflect our own data protection regulations that have been in force since 1995, in the guise of the Data Protection Act. Under the Data Protection Act, organisations that hold our data should ensure that any data they hold is done so fairly and lawfully, and used for limited and specifically stated purposes.

Protecting personal data

The GDPR is a regulation intended to strengthen and unify data protection for all individuals within the EU. It addresses the export of personal data outside the EU. It aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international businesses. 

In addition to the requirements already found in current Data Protection legislation, it addresses issues such as automated analysis (profiling), privacy by design, outsourced activities and includes companies based outside the EU, that collect or process data on EU citizens.

Working with a range of businesses, we are finding that there is:

  • Sometimes a relaxed attitude to data, its gathering, storage and management. In fact, in a survey by the Information Commissioners Office (ICO) it was found that only 25% of consumers trust businesses with their personal information 
  • Assumptions about who is responsible within the organisation. The most common comment is that it's IT that look after all that or we employ a company to look after all our IT
  • Assumptions that when outsourcing IT services, their perceived expertise will protect you

A report from 2015 showed that 80% of European businesses surveyed percieved data protection to be complicated and bureaucratic. However, the growing expectation from consumers and individuals, especially with the introduction of GDPR, is that organisations should have strategies and policies to manage their data and thus avoid cyber attacks or system failures. The revised framework for ISO management systems means that organisations can adopt a similar structure of governance for Information Security that they currently apply to their Quality or Health and Safety, and thus provide the levels of assurance they should. 

Further information on the GDPR can be found on the Information Commissioner's Office website which maintains some useful resources and materials to help you understand the GDPR more thoroughly. 

Related Articles

Comparing Cyber Essentials to ISO 27001
Use 27001 to meet the Hiscox recommendations
14 controls points in the Statement of Applicability

Adam Faiers - Director

Adam has been working on Quality and Environmental management systems for most of his career in small, medium and corporate organisations. A keen advocate of the ISO approach as a platform for improvement, Adam ensures that systems are practical and useful for Managers and Staff to use.

Following a number of years working on software development projects, Adam has diversified into Information Security and Business Continuity management. Keen to formalise his industry experience, he is currently undertaking a Diploma in Business Continuity Management at Buckingham University.

Adam has a PhD from Cranfield University and now supports the MSc Environmental Management programmes through the advisory panel and visiting lectures.

We hope this article has been helpful

If you have any further questions or want to learn more about what we can do for your business, please contact us using the link or details below:


Tel: 01908 255 525