The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is the biggest development in data protection law this century.  It has been created to strengthen data protection for all individuals in the EU and to ensure organisations are accountable for how they use our personal data.

GDPR will apply from May 2018, so if your organisation processes personal data about EU citizens, then your organisation will need to comply.

The Regulation is not just limited to the marketing or sales departments. GDPR is likely to impact on all areas of your organisation if it involves the management of personal information relating to your customers or employees.

How to prepare for GDPR?

With organisations expected to comply with GDPR from 25 May 2018, it’s essential that you start planning your approach soon.  To understand what you need to implement, start by considering the following:

  • Identify what new processes or procedures you need to implement and start employing data protection by default in your processes
  • Designate a representative to manage your data protection compliance and name your organisation’s details and point of contact
  • Start keeping records of the data you hold, where it came from, how you use it and who you share it with
  • Check your processes and procedures to ensure they cover the individual’s rights and review how you seek, record and manage consent.
GDPR Overview

GDPR Overview

Download the GDPR overview document which looks at the main principles, key concepts, who needs to be compliant and how to go about it.

How can Lloyd's Register help?

Data Protection Impact Assessments - DPIA 
DPIAs can be used to identify and fix potential issues at an early stage and are an effective way to take a ‘data protection by design’ approach. Lloyd’s Register’s risk management specialists have an in-depth knowledge of GDPR requirements and data protection risk methodologies so are ideally placed to help you with your DPIAs.

Data mapping and classification assessment 
All organisations are required to manage their data processing activities. To do this, it is important that you understand what personal data you hold, where it came from and where that data goes. Lloyd’s Register’s data mapping and classification service can help you identify the data flows throughout your organisation.

GDPR Gap Analysis
If you’re at an early stage of preparing for the Regulation, a GDPR gap analysis is a great way to review your critical, high risk or weak areas of your systems and processes. Lloyd's Register can support you with an on-site assessment of your current level of GDPR compliance to help you and your organisation identify what areas to address before the regulation applies in May 2018.

GDPR Readiness Assessment
If you are unsure where to start with your GDPR preparations, Lloyd's Register’s detailed Readiness Assessment will leave you with a clear road-map to compliance. This on-site assessment will review your current practices against the requirements of the GDPR.