6 years of the GDPR

Reflect – Review – Refresh

The EU GDPR (General Data Protection Regulation) took effect on 25 May 2018, updating EU data protection law for the first time in more than 20 years.

Six years later, after a global pandemic, a shift to remote and hybrid working, and the widespread adoption of generative AI, the way we process personal data has changed considerably.

If you’re a data processor or controller, it’s therefore worth taking the time to reflect on your data protection obligations, review your data processing activities and refresh your compliance programme to ensure you remain in compliance with the law.

After all, GDPR compliance is an ongoing process that should adapt to changing practices.

PDF download: General Data Protection Regulation (GDPR) – A compliance guide

Download this free green paper to understand the core elements of the GDPR, including:

  • Who must comply with the Regulation;
  • The benefits of achieving compliance;
  • The Regulation’s fundamental principles and rights;
  • How to lawfully transfer personal data outside the EU; and
  • Tips on how to write your privacy notice.

Download now

Reflect on your data protection obligations

Under the Regulation, personal data must be:

  • Processed lawfully, fairly and in a transparent manner;
  • Collected for specified, explicit and legitimate purposes;
  • Adequate, relevant and limited to what is necessary;
  • Accurate and, where necessary, kept up to date;
  • Retained only for as long as necessary; and
  • Processed in an appropriate manner to maintain security.

GDPR compliance is not just a matter of ticking a few boxes: demonstrating compliance with the Regulation’s data processing principles involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with provisions for transparency, accountability and individuals’ rights, and building a workplace culture of data privacy and security.

Learn more about GDPR compliance

Other GDPR compliance products and services

IT Governance has been at the forefront of GDPR compliance solutions since before the Regulation took effect. Since then:

  • More than 5,000 people have taken our GDPR training courses;
  • We’ve delivered GDPR staff awareness training to more than 85,000 people;
  • We’ve provided GDPR consultancy to more than 900 organisations; and
  • Hundreds of organisations have bought our GDPR books, documentation templates and toolkits.

If you need to update your GDPR compliance activities to ensure you still meet your obligations, we have everything you need – whatever your resources or expertise.

View all our GDPR and data privacy services

Speak to a GDPR expert

If you’re looking for help with your EU GDPR project, get in touch with our experts,
who can advise you on which of our products and services are best suited to your needs.

Speak to an expert

Note: The GDPR Gap Analysis service is provided by DQM GRC. Data Protection Officer (DPO) as a Service, the GDPR Advice Service, GDPR Contract and Legal Services and Data Subject Access Request as a Service are all provided by GRCI Law. DQM GRC, GRCI Law, IT Governance Ltd and IT Governance Europe are all part of GRC International Group. For a more efficient customer experience, you will be redirected to the relevant website.

top
Protect your
business
this winter