020 3151 6000

Choose Priority One for GDPR compliance

Our cyber security division has a team of certified GDPR practitioners and data protection experts ready to assist you in your journey to GDPR compliance. You can be confident that we have the knowledge and experience you need to get your company ready for the GDPR.

“I started looking into the implications of GDPR in early 2017. It wasn’t until I spoke with Jon Abbott at Priority One that I felt confident that here was someone who understood the questions, and could provide the answers.”

Colin Sears, Regulatory & Management Consultant

What is GDPR?

In 1998 the Data Protection Act (DPA) was introduced by the UK Parliament as the main piece of legislation governing the processing of data on identifiable living people. However, the technology landscape has changed so much since the Act came into force that this law is now significantly out of date and is not able to protect the individual as originally intended. A prime example would be social media sites capturing personal data, profiling it, and selling it to advertisers without the individual's explicit consent.

The General Data Protection Regulation (GDPR) under EU law, which was adopted on 27th April 2016 and will apply from 25th May 2018, will supersede our Act and the Data Protection Directive from 1995, and be significantly more stringent. The main focus of GDPR will be to protect the personal data of all individuals residing within the EU, irrespective of where the company holding the data is based. It includes rules around holding, processing, profiling, maintaining and deleting that data, among others.


Contact our GDPR practitioners today on 020 3151 6000


Data Mapping

Data mapping allows an organisation to better visualize and understand where its data is located. This involves, but is not restricted to: the nature of the data, its location on the network, who has access to it, whether it is securely stored, and whether it is shared across several systems. Proper data mapping is therefore a necessity for data protection and data privacy, two essential parts of working towards GDPR compliance.

How can we help?

An audit of the data flow is a good first step towards gaining clear visibility of, and mitigating risks to, client data, employee data and vendor data. It also helps to manage information assets effectively and retrieve specific data quickly. Moreover, data mapping goes hand in hand with Data Portability.

Data Portability

Under Article 20 of the GDPR, data portability allows individuals to reuse their personal data across several IT environments. It includes the possibility to copy, transfer, and move personal data in a secure way to transmit it to other organisations if required.

GDPR compliance is important because the data needs to be structured and machine-readable by commonly used software.

How can we help?

Assist with putting in place automated processes to organise and structure the data in a GDPR-compliant way (database, scripting, data entry software). Put in place “encryption tunnels” to prevent interception if the data needs to be sent from one IT system to another (from one company to another, for example). Review the query for data portability to ensure it does not breach any of the GDPR articles.


SAR (Subject Access Requests)

Under section 7 of the Data Protection Act, individuals have the right of access to personal data.

How can we help?

When preparing responses to queries about personal data access, it is important to understand what data is requested because there are several exemptions. We can help by double-checking the nature of the data that is requested, making sure that the request falls in line with DPA Section 7, and preparing the export of the required data.

Continual Compliance Assistance

Achieving GDPR compliance is only one step of the whole process. Once this is achieved, the next step is to keep up to date with any additional articles and changes of regulations or laws, and to make sure that the processes put in place remain compliant over time.

How can we help?

Monitor the processes that have been put in place to verify that they are still enforced. Assess the implemented controls on a regular basis to verify that they are functional and operational (updating them if necessary and/or implementing new ones if needed). Conduct regular PIA/DPIA “audits” to assess the risk of exposure of personal information and prevent data breaches.

Contact us

Our GCHQ-certified practitioners are ready to take your call.

020 3151 6000
