The General Data Protection Regulation (GDPR) embodies a new legal framework, taking effect in the 28 Member States from 25 May 2018, and translating into four principles:

Why do we need the data?

Who can access the data?

How long do we keep the data?

How do we safeguard the data?

Main changes introduced by the GDPR?

• Control over personal data
• Single supervisory body
• Risk-based approach
• Security measures appropriate to the risk
• Restrictions in the concept of “consent”

• Data transfer between countries
• Data processing restrictions
• 72 hours to report violations
• Fines to the value of 4% of profits or 20M

GDPR compliance services

GDPR-related consultancy and auditing services that consist in reviewing the information flows implemented, with the aim of identifying possible risks of non-compliance with the following components of the GDPR: technology and IT security, consultancy and legal compliance and business and operating processes.


Identification of the organisation’s main failings in respect of GDPR requirements. We analyse the technological risks that compromise information security, the weaknesses of IT security policies and behavioural risks in the context of the use of information systems. This service is suitable for smaller companies or companies with a low degree of maturity in respect of the GDPR and which require guidance to get their internal process up and running.


This service expands on the pre-assessment with an exhaustive survey of business processes, data and information using a methodology based on documentation provided by the client and through interviews with key users. This service is suitable for medium or large companies where the pre-assessment would be insufficient given the organisations’ requirements and complexity.


This service complements the assessment service by conducting audits to confirm the information gathered, auditing documentation, information systems and expanding the base of key users interviewed using a system of sample testing.