GDPR Compliance

GDPR (General Data Protection Regulation) is now officially in place and, with businesses risking hefty financial penalties for non-compliance (up to €20 million or 4% of global annual turnover, whichever is higher), it is crucial that your business practices adhere to the new legislation.

As an ISO 27001 accredited company, we are experienced in designing and implementing procedures for best practice in information security management and we have developed a Website Documentation Pack and a Compliance Pack. These have been designed to assist your business in becoming GDPR compliant, have been independently verified by a solicitor, barrister and US attorney, and are of the highest quality with comprehensive guidance notes explaining how to use the templates. Our website pack consists of templates for Terms of Use, Privacy Policy and Cookie Policy, and our Compliance Pack offers assistance in a total of 24 areas, which we’ve listed at the bottom of the page.

We decided to offer these templates as we believe that when it comes to getting ready for GDPR your website should be the first place to start, because:

  1. It’s public, so it is the first thing a regulator, customer or competitor will look at.
  2. Proven consent procedures need to be in place when it comes to collecting email addresses (and, where the person is a child, the consent must be given or authorised by a parent or legal guardian; GDPR sets the threshold at under 16, and member states may lower it to 13, which is the age the UK has adopted).
  3. Any personal data submitted through your website needs to be protected in transit (in practice, served only over HTTPS) and stored with appropriate security measures, with encryption being the control GDPR names explicitly, and
  4. How you store data, whether this is in-house or through a third party, needs to be fully documented and include a procedure for the new ‘right to be forgotten’ (right to erasure) clause.

Please call for further help and pricing regarding how to use the Website Documentation Pack and the Compliance Pack, or alternatively we can save you a lot of time with our Done-For-You Service. To find out more give us a call.

Compliance Pack Details

Acceptable Use Policy

Access Control Policy

Data Processing Agreement

Data Protection Impact Assessment (DPIA) Tool

Data Protection Impact Assessment Procedure

Email Policy

GAP Analysis Template

Information Security Policy

Internal Breach Register and Breach Notification Form

Internal Data Protection Policy

Password Policy

Personal Data Breach Notification Procedure

Personal Data Request Guidance

Personal Data Request Response Template Guidance

Personal Data Request Response Template

Remote and Mobile Working Policy

Removable and Mobile Working Policy

Removable Media Policy

Retention and Disposal Schedule

Sub Processing Agreement

Subject Access Request Procedure

Subject Access Request Record

Training Policy

Transfers of Personal Data to Third Countries or International Organisations Procedure

Still not sure or have more questions? Give Colin Edwards a call on 020 3234 0090 or drop us an email quoting GDPR in the subject line.

Frequently Asked Questions

What the hell is GDPR?
GDPR stands for The General Data Protection Regulation. It applies from 25th May 2018 and replaces the Data Protection Act 1998 (in the UK it sits alongside the Data Protection Act 2018, which fills in the areas the Regulation leaves to member states).
How does this affect my business?
It brings with it a range of new compliance obligations that all businesses will need to comply with or be faced with fines of up to €20 million or 4% of global annual turnover, whichever is higher, for non-compliance.

What are my compliance obligations?
The new obligations state that if you use or collect personal data from individuals in the EU then those same individuals have a right to know how it is used, to access it, to object to its use and to have it erased, and you must be able to show how you meet those requests.
How do we become compliant?
There are a number of steps that can be taken, such as those stated above, to start on your road to compliance, and Colin Edwards, a certified IBITGQ/GASQ GDPR Practitioner, is available to consult on and implement the changes required for you to become GDPR compliant, so give us a call on 020 3234 0090 for more information.