Data Protection, Information Security & Privacy Compliance with GDPRPLAN.COM

On the 25th May 2018, the EU GDPR (General Data Protection Regulation) replaced the 1998 UK Data Protection Act, as well as every localised interpretation of Directive 95/46/EC.

On the 1st January 2021, the UK officially completed the transition period of leaving the European Union and converted EU Data Protection Laws into UK domestic law.

Despite the UK officially leaving the EU and completing the transition period, The General Data Protection Regulation (GDPR) has been retained in UK law and will continue to be read alongside the Data Protection Act 2018, with technical amendments to ensure it can function in UK law*.

What You Need to Know

If you are a business that carries out any activities across the European Economic Area (EEA) such as (but not limited to) advertising (including online tracking or customer profiling), delivery of goods/services, then you must still:

  1. Implement appropriate technical and organisational measures that ensure and demonstrate that compliance (which may include policies around areas such as staff training, internal audits of processing activities, and reviews of HR policies).
  2. Maintain relevant documentation on processing activities (such as transferring personal data internationally)
  3. Where appropriate, appoint a Data Protection Officer (DPO) or Data Protection Representative.
  4. Implement measures that meet the principles around the Confidentiality, Integrity, and Availability of personal information.
  5. Use Data Protection Impact Assessments (DPIA’s) where appropriate.

With quoted fines of up to €20m/£17m or 4% of global annual turnover (whichever is the greater), “doing nothing” is not an option!

Even if you do not receive a fine, the reputational damage to your business (as a result of the negative publicity) could potentially lead to:

  • Loss of customers and revenues (either as a result of lack of trust, or under instruction from the relevant Supervisory Authority to stop collecting/processing personal data)
  • Drop in share-price and business valuation – leading to shareholder unrest
  • Class action lawsuits (by any affected individual)

Work With Qualified Professionals at

Our qualified team are here to help you on your journey towards compliance with the EU GDPR. We have achieved the following globally recognised Data Protection, Project Management and Information Security designations (as a minimum) and are members of IAPP as well as the British Computer Society (BCS):


gdprplan accreditations

Click Here to view our Consultancy Services and Training Options or Contact Us to discuss YOUR requirements