General Data Protection Regulation


Gap analysis


Perform a gap analysis of your current system to indicate what must be done to comply with GDPR.

Document drafting

We can draft the necessary consent forms, policies, and procedures.

Data Protection Officer


Act as your organisation's Data Protection Officer (a new requirement under GDPR).



Detailed advice on the requirements of GDPR and DPA 2018.

Implement ISO 27701 


ISO 27701 is a potential GDPR certification mechanism and would provide the necessary proof that your organization treats the personal information of its customers in compliance with the law, including for the case of cross-border data flows.

Accountability and governance

You must be able to demonstrate compliance with the EU GDPR. This includes:

  • Establishing a governance structure with roles and responsibilities.

  • Keeping a detailed record of all data processing operations.

  • Documenting data protection policies and procedures. 

Privacy rights of individuals

Individuals’ rights are enhanced and extended in a number of important areas. Data subjects have:

  • The right to be informed;

  • The right of access;

  • The right to rectification;

  • The right to erasure;

  • The right to restrict processing;

  • The right to data portability;

  • The right to object; and

  • Rights in relation to automated decision-making and profiling.

Six data processing principles

The EU GDPR lists six data processing principles that data controllers must comply with. Personal data must be:

  • Processed lawfully, fairly and transparently.

  • Collected only for specific legitimate purposes.

  • Adequate, relevant and limited to what is necessary.

  • Accurate and, where necessary, kept up to date.

  • Stored only as long as is necessary.

  • Processed in a manner that ensures appropriate security.

Data transfer outside the EU

The transfer of personal data to international organisations and countries outside the EU is only allowed:

  • Where the EU has designated a country as providing an adequate level of data protection;

  • Through standard contractual clauses or binding corporate rules; or

  • By complying with an approved certification mechanism.

Data Protection Officer (DPO)

The appointment of a DPO is mandatory for:

  • Public authorities;

  • Organisations involved in high-risk processing; and

  • Organisations processing special categories of data.

Transparency and privacy notes

Organisations must be clear and transparent about how personal data is going to be processed, by whom and why.


Start your Journey

Contact us now for a free quote or if you have any questions.

ISO 18001 Health and Safety Management System

  • Facebook Social Icon
  • Twitter Social Icon

© 2021 by AKRUP