Specialist GDPR Compliance 

The General Data Protection Regulation

The General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a comprehensive law approved by the EU Parliament in 2016, taking effect on May 25th, 2018. Designed to align with the evolving nature of data usage, the GDPR represents the EU’s commitment to ensuring strong data protection.

Purpose of the GDPR

The purpose of the GDPR is to provide a standardised data protection law across all the member countries. Designed to make it easier for EU citizens to understand how their data is being used, and also raise any complaints, even if they are not in the country where its located.

New regulation

The new regulation gives users greater control over their data, including the ability to export it, withdraw consent and request access to it.

It also makes data protection rules more or less identical throughout the EU, allowing for the easier transfer of data through out the European Union.

Business with Europe

It affects any company that does business with Europe, whether they are based in the EU or not.

It serves as a leading regulatory model for other data protection authorities throughout the world.

Do  you need to comply with the GDPR? We can help

Our industry experts help you understand the GDPR and provide a clear and actionable road map leading to compliance

Our team can serve as a complement to your internal staff or provide support to your existing team, ensuring the seamless integration of our services with your company’s operations.

No matter where you are in your GDPR compliance journey – whether you’re just beginning or seeking to evaluate your current policies and procedures – we have a selection of solutions tailored to meet your specific requirements.

Why work with PrivacyTrust

Delivering Compliance

Certified Privacy Professionals

Our team of Privacy Professionals are on hand to ensure you reach your data protection and privacy goals

Privacy Consultants

Our Privacy Consultants collaborate with our clients to assess their current compliance level, budget, and timeline, ensuring that we deliver a tailored solution that meets their specific requirements, within budget and on schedule.

long-lasting support

Staff training and data protection officers as a service are just some of the ways we support our client over the long term


Solutions Overview

GAP Analysis

The PrivacyTrust gap analysis identifies differences between current and desired states of complaince 

3rd party Audit

PrivacyTrust audit checks if your company meets the required regulatory framework by evaluating its processes, procedures, and practices.


PrivacyTrust provides expert advice and guidance to your organization helping to solve problems, make improvements and achieve your compliance goals


PrivacyTrust provides specialized recruitment services for privacy professionals and related experts. Trust us to find the best talent for your privacy needs


PrivacyTrust offers Data Protection Officers as a Service (DPOaaS), providing expert guidance for privacy compliance


Complete a PrivcyTrust GAP analysis and implement the findings from our report and we will give you a seal you can use to demonstrate your compliance

More resources

GDPR Data Breach Notification
GDPR Consent
GDPR Fair Processing
GDPR and Brexit
Whats the real purpose of the GDPR?
How to make the GDPR a success
GDPR date
GDPR consent requirements
Privacy by Design GDPR
PrivacyTrust GDPR Program
First steps towards GDPR

First steps towards GDPR

Step 1: Awareness of GDPR requirements

Organizations should ensure that the appropriate people are aware of the new changes brought about by the GDPR. These individuals need to assess how the GDPR will impact its current processes, services and products, as well as what needs to change in order to comply with the GDPR.

Step 1: Awareness of GDPR requirements

Organizations should ensure that the appropriate people are aware of the new changes brought about by the GDPR. These individuals need to assess how the GDPR will impact its current processes, services and products, as well as what needs to change in order to comply with the GDPR.

Step 2: Know the Rights of Data Subjects

The rights of data subjects have been expanded under the GDPR. Therefore, organizations need to ensure that processes are in place that enable individuals to exercise those rights. These processes should have been tested and be subject to continuous oversight to ensure they remain affective.

Data subjects will have the ability to file complaints with DPAs about how their personal data is handled, and how their rights are respected. DPAs will consider every complaint. Subject Rights Management is a core component of the GDPR.

Step 3: Records of Processing Activities

The GDPR requires organizations to keep up-to-date records of their processing activities, including information about the personal data processed, the purpose for processing it, where it originated, and who it is shared with. Organizations need to be able to demonstrate their compliance by sharing these records with DPAs, upon request.

Step 4: Data Protection Impact Assessment (DPIA)

Under the GDPR, organizations must conduct data protection impact assessments (DPIAs) when a processing activity is likely to result in high risk to the rights and freedoms of individuals. However, it is recommended that DPIAs be performed for all processing activities, regardless of risk level.

If identified risks cannot be mitigated successfully, the organization must consult with the DPA prior to commencing the processing activity.

Step 5: Privacy by Design and Data Protection by Default

Organizations need to be aware of the GDPR’s requirements for privacy by design and data protection by default, and begin integrating these principles within their organization.

Privacy needs to be embedded throughout the process of designing products and services. Technical and organizational measures must be in place to ensure the integrity and confidentiality of personal data, and to ensure that personal data is processed only when necessary to achieve a specific purpose.

Step 6: Data Protection Officer (DPO)

Some organizations may be required to appoint a DPO. Organizations need to assess whether this requirement applies to them, and if it does, appoint a DPO as soon as possible to be ready for the GDPR. Regardless, many organizations may want to appoint a DPO as a best practice, even if the requirement does not apply

Step 7: Data Breach Notification

 The GDPR has stricter requirements around recording information about data breaches that occur. Some data breaches will need to be reported to the regulatory authrories withing 72 hours of detection.

All data breaches must be documented internally, regardless of whether it must be reported. The documentation must be ready to be shared with a DPA, upon request.

Step 8: Processor Agreements

Organizations need to re-examine their agreements with data processors to ensure that they meet the requirements with the GDPR. New agreements should be drafted with the GDPR’s requirements in mind.

Step 9: Lead Supervisory Authority

Organizations with establishments in, or that conduct processing activities in, multiple EU Member States, may be subject to regulation by multiple supervisory authorities. However, organizations need to identify their lead supervisory authority with whom they will work with.

Step 10: Consent

Requirements for obtaining valid consent from individuals are stricter under the GDPR. Organizations that rely on consent as the legal basis for a processing activity need to ensure that the consent meets the requirements under the GDPR. This includes how the consent is requested, obtained, recorded, tracked, and amended.

Organizations need to be able demonstrate that consent meets the GDPR’s requirements, and ensure that individuals have a way to easily withdraw their consent at any time.

Helping your business exceed the compliance standard.

Our team of experienced privacy attorneys & certified privacy professionals have a proven track record of delivering privacy frameworks and data privacy solutions, tailored to your business needs.