Is your company affected by the General Data Protection Regulation (GDPR)


What is the GDPR?

The General Data Protection Regulation (GDPR) is a Regulation created by the European Commission to strengthen and unify data protection for individuals within the European Union (EU) and addresses export of personal data outside the EU. The aim is to give back control of  personal data to the public and to unify the regulation within the EU.

Who does the GDPR apply to?

The GDPR applies to businesses handling personal data. These businesses are split into two categories:  ‘controllers’ and ‘processors’. The ‘controller’ says how and why personal data is processed and the processor acts on the controller’s behalf. If you are currently subject to the Data Protection Act (DPA), it is likely that you will also be subject to the GDPR.

What does this mean to UK Businesses?

In a statement, the ICO emphasised that if the UK wanted to trade with the single market on equal terms, it would have to prove “adequacy” – this means that, from 2018, when the GDPR is released,  the UK’s own data protection standards would have to be seen as equivalent to the EU’s GDPR framework in order to avoid hefty fines.

What should I be doing, as a business that handles data and information assets?

The ICO have published a GDPR Preparation Document to help businesses understand what will be required. ISO 27001 is also a great place to start. This internationally recognised, information security management system has been created by industry experts from across the globe to help businesses put robust data protection processes in place. It will identify areas for improvement, enabling you to set out an action plan to get your organisation to the standard it needs to be.

Also, once you have the correct processes in place, and these have been reviewed by a qualified auditor, you can demonstrate your compliance to interested parties by displaying the ISO 27001 Logo and Certification on your.

If you would like to find out more about ISO 27001 and how it can help your business, why not get in touch with QMS today by calling 0333 344 3646 or emailing [email protected].

Sign up to get the latest in your inbox

    • Email address

About the author

  • Name:

    Michelle Whitehouse

  • Company:

    Brand and Content Marketing Manager

  • Bio:

    Michelle joined Citation ISO Certification in 2012. Having held several different roles across the business, she uses the insight and experience gained to shape and drive the brand and content marketing strategy. Managing a small team; she ensures that the customer is at the forefront of everything we do. Delivering event programmes and communication strategies that pack value into the overarching experience for both new and existing customers, Michelle is an innovative thinker that believes in offering services that add real value to people’s lives. With a background in sales, digital marketing, content strategy and marketing communications, Michelle takes an in-depth, hands-on approach to her role within the business and is passionate about developing the relationship that exists between the brand and customers through a combination of technology and communication.


QMS International use cookies to provide you with a better site experience, enable features and to help us understand how our website is being used.

By continuing, you consent to the use of cookies in accordance with our Cookie Policy

Allow All Cookies

Allow Strictly Necessary Cookies Only