What is the GDPR?

Posted on 31/08/2017

The General Data Protection Regulation harmonises data privacy laws across Europe and aims to protect the data privacy of all EU citizens. The aim of the GDPR is to protect consumers from privacy and data breaches in an increasingly data-driven world, which is vastly different from the world of the 1990s, during which the first directive was established. It explicitly promotes accountability and transparency, and companies are expected to adhere to comprehensive but proportionate measures.

Who does it apply to?

If you are processing data from individuals in the context of selling goods or services to citizens in the EU, you will need to comply with the Regulation. The GDPR applies to, and places specific legal obligations on, ‘controllers’, who say how and why personal data is processed, and ‘processors’, who act on the controller’s behalf.

What information does the GDPR apply to?

Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Are you ready for GDPR?

On 25th May 2018 the EU Directive, the General Data Protection Regulation (GDPR), will come into effect and replace the current Data Protection Directive. At that time, any company deemed non-compliant will face heavy penalties and fines.

How can I demonstrate that I comply?

There are different ways that you can demonstrate compliance; however, certification is a good mechanism to show commitment and that your business processes are robust.


Certification has now become a formal feature of the EU GDPR. The Regulation states that certificates from approved and accredited Certification Bodies are acceptable routes of demonstrating compliance.

ISO 27001 Information Security Management is the international best practice standard for Information Security. ISO 27001:2013, the current version of the standard, provides a set of standardised requirements for an information security management system (ISMS). The standard is suitable for any organisation, large or small, and in any sector, and is especially suitable where the protection of information is critical, such as in the banking, financial, health, public and IT sectors. The standard is also very applicable for organisations which manage high volumes of data or information on behalf of other organisations, such as data centres and IT outsourcing companies.


Exova BM TRADA is a UKAS-accredited certification body, No. 0012, offering ISO 27001 Information Security Management certification. Find out more about ISO 27001 certification here.