Contact Us Today!

Special Facebook Promotion

Like us on Facebook and get 10% off your next order.

Our Data Governance & Privacy Program

Staff security awareness trainings provided by team of experts.

Data Protection / EU GDPR Toolkits

80+ GDPR templates, including policies, procedures, and checklists, so you know everything is covered – easily demonstrate GDPR compliance while reducing implementation costs.

Learn more about Data Protection toolkits.

Privacy eLearning and Staff awareness

GDPR awareness

PCI DSS awareness

ISO 27001 awareness

Phishing awareness

Data awareness

Easily create your GDPR data protection policy using this customizable template

Clear and effective policies are a key part of GDPR compliance.

If you are unsure what elements your data protection policy should include or where to start, this template, created by our expert GDPR practitioners, can help you create one in minutes, enabling you to fulfil your Article 24 obligations

Steps to GDPR Compliance

General Data Protection Regulation (GDPR) comes into effect in May 25th 2018.


GDPR is a concerted effort to bring all of the privacy regulations in Europe under a single umbrella. This will provide for a strong focus to address privacy at organization level. There are those who might think that this is a punitive measure designed to collect fines, but GDPR is an attempt to enforce data governance accountability.


1. Establish an accountability and governance framework

The board must understand the implications of the GDPR in order to support the project and allocate the resources required to complete it. A director will also need to be assigned accountability for the GDPR, and data protection risk will need to be incorporated into the corporate risk management and internal control framework.

eBook: EU GDPR – A Pocket Guide is perfect for these first stages.


2. Create a project team

A person or team must control this project, and they will need significant understanding of both the business and the GDPR.

Certified EU General Data Protection Regulation Foundation and Practitioner training courses will give your team the knowledge and skills required to implement an effective compliance program and fulfil the data protection officer (DPO) role.

A book GDPR – An Implementation and Compliance Guide is a useful resource for the project team.



3. Scope and plan the project

Once the GDPR team is aware of the ins and outs of the Regulation, it will need to work out what parts of the business fall within the scope of the GDPR (business units, territories and jurisdictions) and identify which standards and management systems may be affected or could contribute to GDPR compliance, e.g. ISO 27001. Speak to your IT team to find out if there are any projects starting soon that involve personal data, as these will be candidates for privacy by design. The essence of privacy by design is that privacy in a service or product is taken into account not only at the point of delivery but also from the inception of the product.

4) Build a data inventory

To assess what measures are needed to align your data processing with the GDPR, you must first identify which categories of data are held, where the data comes from and the lawful basis for processing it. There are special categories of data that entail stricter processing rules, such as getting explicit consent.

5) Conduct a data flow audit

It’s essential to understand the flow of personal data within the business, as well as where it comes from and where it is sent. This will help you to identify risks in data processing activities and where controls are required.

From this, you can decide whether a data protection impact assessment (DPIA) is required to help identify, assess and mitigate or minimize privacy risks with data processing activities. The three primary conditions for a DPIA identified in the GDPR are:

  • Systematic and extensive evaluation of personal aspects relating to natural persons, which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person.
  • Processing on a large scale of special categories of data or of personal data relating to criminal convictions and offences.
  • Systematic monitoring of a publicly accessible area on a large scale.


Data Flow Mapping Tool software allows you to create data flow maps with a simple, easy-to-use interface.


6) Conduct a detailed gap analysis

It’s vital to get an understanding of your level of compliance with the GDPR. A gap analysis highlights this as well as offering guidance on the key areas your organization must address. EU GDPR Compliance Gap Assessment Tool is designed to allow organizations to assess their own compliance status, and GDPR Gap Analysis service provides an on-site assessment.



7) Create or improve key policies and processes

According to Article 30 of the GDPR, companies will be required to record personal data processing activities including, but not limited to, the categories of data being processed, the categories of recipients of the data and time limits for keeping the data.

Each business will also need a privacy notice and a data protection policy, and to update or review contracts with employees and suppliers to ensure they are compliant.

Data subject access requests, incident reporting and data breach reporting will all need written processes, too.

The EU GDPR Documentation Toolkit is a complete set of GDPR-compliant templates that are easy to use and customizable. It includes all the processes outlined above as well as other helpful documents such as a data protection officer job description.


8) Communications strategy

As your business becomes GDPR compliant, staff needs to understand and follow the new processes and procedures. Training new staff and holding regular refreshers is essential.

9) Monitor, audit and improve

GDPR compliance is a journey not a destination. To demonstrate ongoing compliance you will need to undertake periodic internal audits and updates of your data protection processes. This includes record keeping of processing activities and consent, testing information security controls and conducting DPIAs. Don’t delay until May 2018 to get GDPR-ready, get help (contact us) to do initial gap assessment.




Looking to get an introduction to the GDRR? Live Online training course ✍

Certified GDPR Foundation Training Course


ISO/IEC 27701 2019 Standard - Published in August of 2019, ISO 27701 is a new standard for information and data privacy. Your organization can benefit from integrating ISO 27701 with your existing security management system as doing so can help you comply with GDPR standards and improve your data security.

ISO/IEC 27701:2019 #PIMS


ISO/IEC 27701 2019 Gap Analysis Tool Your organization can benefit from integrating ISO 27701 with your existing information security management system, so it can help you comply with GDPR standards and improve your data security.

The goal of ISO 27701 is to:

  • strengthen the existing Information Security Management System (ISMS) with the extension of a PIMS, as well as privacy-related controls,

  • simplify the management of complicated overlapping privacy laws,

  • create a privacy program that's grounded in evidence and that shows GDPR compliance through a recognized form of certification and

  • perform as the foundation for potential GDPR compliance.

The simplest, fastest, and most affordable way to comply with privacy legislation like the EU’s GDPR (General Data Protection Regulation), the CPRA (California Privacy Rights Act), New York’s SHIELD Act, and others. With Privacy as a Service, you can: 

* Achieve scaled privacy compliance quickly
* Remain one step ahead of legislative developments with affordable advice and support
* Reduce privacy risks with one simple subscription service
* Enjoy peace of mind with your own dedicated data privacy manager

Print | Sitemap
InfoSec | @ 2021 DISC