The General Data Protection Regulation (GDPR)

What does the new law mean for you and your organisation?

The General Data Protection Regulation (GDPR) is the biggest development in data protection law this century – increasing safeguards for individuals and making organisations more accountable for how they use our personal data. The GDPR brings data protection to the forefront of your organisation’s processes; whether you handle personal information relating to your customers or employees, GDPR will have an impact on the way you work.

What is the GDPR?

The European Parliament approved the General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679] in April 2016 and it will apply from 25 May 2018. It will strengthen data protection for all individuals within the EU regardless of where the data is held. It builds on existing regulations to improve consistency and the safeguards in place.

Our GDPR services in summary

In the information security and data protection arena our services cover both training and assessment including:

  • The GDPR Briefing gives an introduction to the principles and concepts found in the GDPR.
  • The GDPR Foundation course explains the implications for your organisation and the steps to take to become compliant.
  • Data Protection Officer (DPO) training helps DPOs prepare for the requirements and responsibilities of their new role.
  • GDPR readiness assessment and gap analysis.
  • Data mapping and classification.
  • We can carry out Data Protection Impact Assessment (DPIA) on your behalf and we can provide DPIA training that gives practical guidance on how to conduct DPIA within your organisation.
  • GDPR controls assessment and attestation.
  • Data protection and information security onboarding via eLearning.
  • Training, Gap Analysis and Certification for ISO 27001 (information security management), ISO 22301 (societal security – business continuity management systems) and BS 10012 (personal information management system).

Lloyd's Register gives an introduction to the six principles of the GDPR, which set out the main responsibilities for organisations in relation to the new data protection regulation, which will apply from May 2018.