IMSM Ltd, Wiltshire
01793 296704

GDPR:
General Data Protection Regulation

The General Data Protection Regulation (GDPR) is an EU regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

Trusted by over 2,000 companies across the globe


What is GDPR?

The General Data Protection Regulation 2016/679 (GDPR) will replace the current directive (the Data Protection Directive). GDPR is focused on the protection of data subjects. It will be enforceable from May 25, 2018. Organisations are encouraged to start preparing now, taking into account that some obligations may be onerous and time-consuming to implement.

Both administrative fines and legal proceedings can be brought against organisations found to be in violation of the regulations. Regulatory bodies across the EU have been given the power to enforce greater financial penalties than ever before. These fines are a maximum of €20,000,000 or 4% of the total worldwide turnover for the parent company in the previous financial year, whichever is the greater value. The only way to minimise a fine is to show your steps towards compliance. From the outset, be aware that GDPR is not just an IT problem.

ISO Certification Made Simple

Article 5 of the GDPR requires that personal data shall be:

Processed lawfully, fairly, and in a transparent manner in relation to individuals.
Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.

The Process

Steps to getting GDPR certification

With our excellent support and guidance you can rest assured that your GDPR certification will be successful.

1. Initial Consultation

We help you outline your goals, focusing on what your business wants to achieve and how it defines success, particularly in relation to your client’s requirements. You and your ISO consultants will agree on reasonable outcomes and delivery dates.

2. Producing System Documentation

Next, the IMSM consultant will audit your existing procedures and help you document the systems that will deliver success: both those already in place and how you will improve them. The manual system documentation sets out how your business should operate going forward so that it can deliver GDPR.
You will be able to view the manual system documentation, along with most other relevant documentation, on our client portal IMSMLoop. It offers a comprehensive insight into the progress of your ISO implementation, along with copies of the relevant audit reports, certifications, and any necessary corrective actions. The portal serves as a central hub for tracking your ISO journey.

3. GDPR Framework Adoption

While the manual is a vital document moving forward, it is even more important that it gets put to practical use. We work with the senior management team to ensure the framework is embedded throughout your organisation. We can also develop and deliver tailored training for staff to ensure that the understanding and implementation of GDPR is watertight. This will create consistency across your organisation, transforming your business from day one so it is optimised for efficiency, continual improvement, and greater profitability.

4. Submission to External Auditor

Before you can be awarded the certification, your organisation applies to the third-party certifying body that you have selected to conduct your audit. This audit objectively determines whether your business conforms to GDPR, and the relevant accompanying documentation is accessible through our client portal, IMSMLoop.
Our Benefits

Why choose IMSM?

Simple: We make it simple. Since 1994, we've helped businesses achieve ISO certification, with over 150 experts worldwide and 15,000+ clients trusting us to implement their ISOs. We've proven to be experts at handling the logistical heavy lifting, saving your company valuable time.

With a transparent fixed fee, flexible approach, and real-time access to updates, documentation, and an array of other features through IMSMLoop, we collaborate with your organisation to make any ISO implementation as straightforward and beneficial as possible.

Experienced ISO Consultants

How can ISO Specialists help your business?

Getting started with ISO certification might seem daunting; this is often the reason why businesses enlist the help of an ISO consultant. For 30 years, we've supported and guided organisations like yours through certification. Our experienced consultants take the lead on auditing your business, helping you use the results to enhance your quality management system. If necessary, there is also plenty of room for training.

Established ISO Certifiers since 1994

GDPR: Frequently Asked Questions

Does my organisation need to be GDPR compliant?
If you store, collect, process, or transmit data, you’re in scope and have to comply with the GDPR. The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU. When processing sensitive or personal data as either a data controller or processor, you must take appropriate technical measures to secure data against accidental loss, damage, or destruction and provide explicit consent for processing each service.
How can organisations prepare?
The adoption of internationally recognised management system standards such as ISO/IEC 27001 information and data security demonstrates an organisation’s active vigilance and preparedness to achieve compliance and maintain compliance with GDPR.
How are GDPR and ISO/IEC 27001 related?
ISO/IEC 27001 is a framework for information protection. According to GDPR, personal data is critical information organisations must protect. Some GDPR requirements are not directly covered in ISO/IEC 27001, such as supporting the rights of personal data subjects: the right to be informed, the right to have their data deleted, and data portability. But, if the implementation of ISO/IEC 27001 identifies personal data as an information security asset, much of the GDPR requirements will be covered.
What rights do individuals have under GDPR?
GDPR grants individuals several rights regarding their personal data, including the right to access, rectify, erase, restrict processing, and object to the processing of their data. Additionally, individuals have the right to data portability, allowing them to obtain and reuse their personal data across different services.
What constitutes personal data under GDPR?
Under GDPR, personal data refers to any information that relates to an identified or identifiable individual, known as a data subject. This includes not only names and contact details but also identifiers such as location data, online identifiers, and any other information that can be used to identify a person, directly or indirectly.
This standard contributes to the following Sustainable Development Goals: 3, 4, 5, 9, 10, and 16.

High Quality & Prestigious Brands

Advanced services combined with extensive experience and fast performance.

“We decided to use IMSM to help and support us through the process. We were fairly new to this as a company and to have a company like IMSM guiding us through the requirements saved us time and gave us the confidence to present to the external auditors, knowing we had everything covered”

David Spence, Operations Engineering Manager
Ping Network Solutions

“Our ISO certifications help us provide consistent, quality-focused services that our clients have come to depend on and appreciate.”

Cherie Sprout, Executive Assistant
Integral Consulting Services, Inc.

“We can now demonstrate, via externally internationally recognised accreditation, that Pall-Ex is the number one pallet network for quality. This also allows us extensive yearly external auditing by our certification provider against a measured standard.”

Will Gardner, Head of QHSE & Operational Improvement
Pall-Ex Limited

“Our IMSM Assessor put in a lot of time and effort; they did a really good job for us, helping to organise what we had here. We had a lot of the pieces in place, they just weren’t put together, which IMSM helped us to do. We have a system in place now and we continually follow up on everything.”

Steve Head, Business Improvement Director
Anderson Dahlen