top of page
General Data Protection Regulation (GDPR)

GDPR Compliance

GDPR compliance made simple. Partner with the experts.​

office meeting and review

More info

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). If you operate inside the UK, you need to comply with the Data Protection Act 2018 (DPA 2018).

The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

 

The GDPR applies to all organisations that process the personal data of individuals located in the European Economic Area (EEA), regardless of the organisation's location. The GDPR also applies to organisations that process the personal data of individuals who are not located in the EEA, if the organisation offers goods or services to individuals located in the EEA or monitors their behaviour as far as their behaviour takes place within the EEA.

The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR.

Data protection

Our Solutions

The GDPR sets out a number of requirements for organisations that process personal data, including:

Lawfulness, fairness, and transparency: Processing data with a valid legal basis, being open about its use, and not processing it for unrelated purposes.

Purpose limitation: Collecting data for specific, legitimate purposes only.

---

Data minimisation: Collecting only the necessary data.

---

Accuracy: Keeping personal data up-to-date.

---

Storage limitation: Retaining data for only as long as necessary.

---

Security (Integrity and confidentiality): Implementing appropriate technical and organizational measures to protect personal data.

---

Accountability: Being able to demonstrate your compliance.

---

Providing individuals with access to their personal data

---

Deleting personal data upon request from individuals

---

Reporting data breaches to data protection authorities

Organisations that fail to comply with the GDPR may face a number of penalties, including:

Fines of up to €20 million or 4% of global turnover, whichever is greater

---

Injunctions to stop processing personal data

---

Imprisonment of up to two years​

What Does GDPR Compliance Involve?

Assessment: Understanding what personal data you handle and how.

---

Data subject rights: Implementing mechanisms to address requests like subject access, erasure ("right to be forgotten"), rectification, and others.

---

Policies and Procedures: Creating clear privacy policies, data breach notification plans, and internal procedures for handling data responsibly.

---

Consent (when necessary): Obtaining valid, informed consent for data processing if you don't have another legal basis.

---

Data Processing Agreements: Having contracts in place with third parties that process data on your behalf.

---

Data Protection Officers: Appointing a DPO in certain cases.

---

Privacy by Design & by Default: Building privacy considerations into new projects and settings.

 

If you are an organisation that processes personal data of individuals located in the EEA and UK, OCM Communications can help you to comply with the GDPR by:

GDPR Audit: A comprehensive review of current data handling practices, identifying where the company stands against GDPR requirements.

---

Data Mapping: Understanding the types of personal data collected, where it's stored, how it flows through the organisation, and who has access to it.

---

Risk Assessment: Identifying potential privacy risks, including vulnerabilities in systems, processes, and third-party relationships.

---

Technical Controls: Implementing security measures like encryption, access controls, firewalls, and data loss prevention (DLP) solutions.

---

Vulnerability Scans and Patch Management: Regularly scanning systems for vulnerabilities and ensuring timely software updates to maintain security.

---

Training and Awareness: Providing employee training programs on GDPR principles, data handling procedures, and breach recognition.

---

Compliance Reviews: Conducting periodic reviews to ensure continued GDPR adherence and adapting to any regulatory changes.

Achieve GDPR peace of mind. Schedule your free initial consultation now.

bottom of page