The GDPR is the EU Regulation that will replace the Data Protection Act 1998 in the UK and the equivalent legislation across the EU Member States. All UK business will be subject to GDPR from 25th May 2018, regardless of Brexit.

Failure to comply could cost you fines of up to 4% of your company’s global annual turnover, not to mention your reputation (source:

Here’s a snapshot of what GDPR will require you to do:


Keep a record of data operations and activities and consider if you have the required data processing agreements in place.


Carry out privacy impact assessments (PIAs) on products and systems.


If applicable to your organisation, designate a Data Protection Officer (DPO).


Review your personal data collection processes.


Know how and when to notify the relevant supervisory authority of a data breach.


Implement “privacy by design” and “privacy by default” in the design of all new and existing products.

how can we help?

Our professional partner NDC can provide the initial Consultancy and Training then our IT specialists and cyber security experts at Soitron UK to offer you a comprehensive range of information security management services:


Our Lead Auditors can provide on/off consultancy and training that will support you to:

>Implement and maintain ISO27001 within your organisation

>Develop effective GDPR policies, audit checklists and protocols

>Raise awareness of GDPR requirements and benefits within your organisation


Soitron UK have the technical expertise to help you develop robust IT systems that that comply with GDPR and protect data and customer information.


Technical experts can help you to test the cyber security levels of your existing IT systems and develop safer systems, networks and users with:

>Penetration Testing:
Ethical hacking to test your system’s security.

>Cyber Essentials and Cyber Essentials Plus:
Government-backed programmes, designed to encourage businesses to achieve a baseline level of security that can be evidenced to stakeholders.

>Vulnerability Scans:
Identify and act on weaknesses within your networks.

Stages to Progress in Compliance

Awareness Training

GAP Analysis – Identify Weaknesses and Areas for Development

Implementation/Internal Auditor

 Read more on GDPR compliance