Data Protection & GDPR

The EU General Data Protection Regulation is here.

EU organisations and those that process the personal data of people in the EU have until May 25th, 2018 to comply.

With Commissum’s help, you can establish your current level of compliance with GDPR, identify the necessary actions to achieve compliance, and get the support you need to implement those actions.

Key changes against the current Data Protection Act:

  • Increased fines
  • Freely-given, specific, informed and unambiguous consent
  • Requirement for certain organisations to appoint a Data Protection Officer
  • Right to erasure and data portability
  • Wider territorial reach
  • Breach reporting obligations
  • Privacy by design

EU GDPR brings data protection efforts up to date with technological advances, with fines proportionate to the impact of breaches on individual data subjects.

Organisations which fail to comply with the regulation after it comes into force can face fines of up to 4% of global turnover, or €20 million – whichever is higher.

Our Approach

We’ll take the time to understand your organisation’s data processing activities and the location, portability and processing of personal data within it, before laying out the steps you need to take to comply.

  • Data Discovery & Mapping - identifying and understanding personal data held by the organisation resulting in the creation of key GDPR documents – data inventory and data flow maps
  • GDPR Gap Analysis & Roadmap - identifying gaps in the organisation’s current stance against the requirements of GDPR and providing recommendations for compliance in a prioritised roadmap
  • Implementation Workshop - to prepare all parties for the implementation of the roadmap to achieve and maintain compliance with EU GDPR

Taking steps to comply with GDPR and improve information security across your organisation shouldn’t be a box-ticking exercise – it is an opportunity to improve resilience against security breaches and other threats to information security, thereby producing value for your organisation.

By understanding your data protection obligations and how personal data is stored and processed throughout your organisation, your ability to mitigate data privacy risks is greatly improved.


  • Increase your organisation’s operational resilience to threats while avoiding hefty fines
  • Confidence that data processing is compliant with EU GDPR and your obligations are met
  • Information security efforts can be aligned with strategic business objectives
  • Security improvements should be led from the top down – we equip you with the tools and knowledge you need to create a culture of security at your organisation
  • GDPR Preparation can be combined with our ISO 27001 services for organisations looking to undertake more holistic improvements by implementing the globally accepted standard for information security

Get in touch to discuss your organisation’s EU GDPR project with our experts today.