Businesses that handle Personal Information have 15 months left to comply with the new EU General Data Protection Regulation (GDPR)


Companies that collect, store or process data relating to any EU resident will be required to comply with the new EU regulation by May 2018 if they don’t want to face significant penalties.

It is anticipated that, due to the nature of cloud-based services, many companies will not be aware of their need to comply. Microsoft has promised that its cloud services will be compliant with GDPR by 2018. But companies using the services of Microsoft or any other GDPR-compliant cloud service provider will still be required to take further action.

GDPR Requirements

The data protection principles are similar to the principles set out in Directive 95/46/EC (the Data Protection Directive), but a new accountability principle now makes controllers responsible for demonstrating compliance with the data protection principles.

This means that if you handle the personal details of your customers you need to undertake the following activities:

  1. You should reduce the amount of personal information you store, ensuring that you do not store it for longer than necessary.
  2. You must obtain consent when processing children’s data.
  3. You must ensure clear and affirmative consent is provided when processing private data.
  4. If you work for a public authority a Data Protection Officer must be appointed. This is also the case where core activities involve “regular and systematic monitoring of data subjects on a large scale” or where large-scale processing of “special categories of personal data” takes place.
  5. You now need to adopt a risk-based approach when undertaking higher-risk data processing activities.
  6. You will be required to report data breaches to the data protection authority when they represent a risk to the rights and freedoms of the customer.
  7. Your customers now have the right to be forgotten.
  8. You have to consider the risk of transferring data to countries outside of the EU.
  9. If you process data you now have to meet stricter legal obligations, meaning you can be held liable for data breaches.
  10. Your customers can now request a copy of personal data in a format usable by them.
  11. Privacy in your service or product is to be taken into account from inception through to delivery.
  12. Data should only be collected to fulfill specific purposes and discarded when it is no longer required, to protect data subject rights.

GDPR Compliance

If you are concerned about compliance with GDPR, you can protect your organisation by implementing an Information Security Management System (ISMS). ISO 27001 offers businesses an ISMS which follows international best practice and will help you to put processes in place that protect all information assets, not just customer information or information that is stored electronically.

To find out how you could implement an ISO 27001 information security management system or how it can help you to ensure compliance with GDPR requirements, contact QMS today on 0333 344 3646 or email [email protected].


About the author

  • Name:

    Michelle Whitehouse

  • Company:

    Brand and Content Marketing Manager

  • Bio:

    Michelle joined Citation ISO Certification in 2012. Having held several different roles across the business, she uses the insight and experience gained to shape and drive the brand and content marketing strategy. Managing a small team, she ensures that the customer is at the forefront of everything we do. Delivering event programmes and communication strategies that pack value into the overarching experience for both new and existing customers, Michelle is an innovative thinker who believes in offering services that add real value to people’s lives. With a background in sales, digital marketing, content strategy and marketing communications, Michelle takes an in-depth, hands-on approach to her role within the business and is passionate about developing the relationship that exists between the brand and customers through a combination of technology and communication.

