How do you demonstrate GDPR compliance?

March 27, 2018

With just 2 months to go until the EU General Data Protection Regulation (GDPR) compliance deadline of 25th May 2018, I thought I might touch on an interesting aspect of GDPR - that of ‘demonstrating compliance’.


Now to be clear, we're not talking about the 7th Principle of GDPR here, which is all about accountability and liability and focuses on organisations being able to demonstrate to the governing bodies that they have “taken the necessary steps comparable to the risk their data subjects face.”


No, what I’m talking about here is how, for example, RiskSTOP can demonstrate to YOU today that we are GDPR compliant.


In many respects, this is not as easy as complying with the 7th principle. It isn’t easy because there is, as yet, no certification scheme in the UK that allows organisations to open themselves up to audit and then show they have everything in place to be GDPR compliant. At RiskSTOP we are ISO 27001 Information Security Systems Certified, but as we all know, that’s not the same as GDPR!


If you’ve seen claims by organisations that they are GDPR “accredited” or “certified” in any way, steer clear. There is really no such thing.


Our approach

At RiskSTOP, several of our major clients have already asked us to demonstrate our GDPR compliance, ahead of the deadline. As anyone who has faced the same will tell you, it can be an in-depth process.


And so it should be. Data sensitivity and security are hugely important.


However, for the benefit of our wider audience and customer base we’ve also taken a further step online by briefly explaining on our websites (RiskSTOP and all of the steps we've taken to ensure compliance.


You can read the 7 steps we’ve taken to comply with GDPR here.


As we have seen in the news recently, it is vital that data is processed lawfully, fairly, appropriately, accurately and securely. In the absence of any legitimate GDPR certification scheme, isn’t it now important for all organisations, big or small, to take some steps to very simply, succinctly and credibly highlight their approach to GDPR compliance?


You have until 25th May!














Danny Lillington

Managing Director, RiskSTOP Group



© Copyright 2017 The RiskSTOP Group Ltd - All rights reserved.
Registered Office: The Pavilion, Botleigh Grange Business Park, Hedge End, Southampton SO30 2AF. Registered in England with number 6236118