Get ready for compliance with DRMI’s GDPR Experts

Expert Readiness Information and Consultation in Alliance with the GDPR Institut


The mission of the DRMI’s GDPR Experts team is to guide you through the necessary steps to be in a GDPR defensible position. In order to do that, we have aligned with the GDPR Institut providing you a hands-on specific set of policies and practices to determine what changes, if any, are needed to be made in your organization
We are here to serve your needs. To get started, take advantage of our free consultations with a GDPR expert as well as a free GDPR Readiness Benchmark Analysis.

Schedule a private one-on-one session with a DRMI/GDPR expert

The GDPR Practice will provide a limited number of free conference calls with one of our GDPR Experts.
This could be followed by a more in-depth review


What is the GDPR regulation?

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation set by the EU parliament for the protection of EU citizen personal identifiable information (either in digital or non-digital form.)

The GDPR will apply to all companies that offer goods or services to, or monitor the behavior of EU citizens. It applies to all organizations established in the EU, and also to companies based outside of the EU if they have EU citizens as customers.

The GDPR takes effect, May 25, 2018, replacing the 1995 Data Protection Directive (Directive 95/46/EC).

What is the intent of the GDPR regulation?

The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU and to create an environment of trust between the data subjects and those entities that control and process their personal information.

The GDPR is designed to unify data protection and privacy requirements across the European Union (EU).

What does it mean to me?

(Am I a Controller or a Processor or both?)

If you collect, process, store, maintain or transmit personal information of EU Data Subjects (EU citizens and residents) – which include end users, customers and employees, you come under the GDPR, as a controller, processor or both.

A ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data, where the controller processes the data directly or indirectly. This means an organization that defines, organizes and determines how the data is to be collected and used. A controller does not have to perform the actual processing of the data.

A ‘processor’ means a natural or legal person, public authority, agency or other body which processes the personal data on behalf of the controller.

Note: an entity can be both a controller and a processor.

How do I become GDPR compliant?

One thing to look out for when looking to become GDRP compliant is organizations that claim they will “certify” your organization to be GDPR compliant – there is no certification program.

The following steps provide a process to becoming GDRP compliant:

  • Assess current Data systems, policies and procedures
  • Be aware of what kind of data is held, where it is stored and how it is protected. What kind of software and technology is in place to protect data?
  • Review the current data-related policies and procedures, including encryption, remote access, mobile devices, sensitive information, HR exit procedures, third parties and data breach notifications.
  • Consider requesting a third-party data security company to carry out an objective assessment.
  • Identify risks and gaps to meet the GDPR requirements
  • Are the current systems, policies and procedures adequate to protect data? Are there any risks of data breaches?
  • Individuals’ rights – are there systems in place to transfer personal data to other companies and to delete personal data if requested?
  • Are requests for permission to use customers’ personal data clear on the purpose and period of time?
  • Identify solutions and create a timeline to implement them
  • Research suitable solutions for any identified risks or gaps.
  • Solutions must be implemented before the GDPR comes into force.
  • Designate a Data Protection Officer or lead contact
  • A DPO can be appointed if mandatory for the business, or an internal lead contact person can be appointed for data protection initiatives and to communicate with the Data Protection Authority if required.
  • The DPO or lead contact should communicate with senior management to discuss data protection strategies and for approval.
  • Staff training and awareness
  • Ensure that staff are aware of the importance of data protection and any new/amended processes to comply with the GDPR.
  • Ensure internal teams communicate with each other to maintain data protection, such as IT, Security, Legal and Compliance teams.



Want to contribute? Have to content to be featured on our blog?

Recent Posts

Thought of the Day: Google and the right to be forgotten

In a recent landmark case, it was decided that Google must remove search results about a businessman’s criminal conviction. This could have wide-ranging repercussions. A similar claim by a different businessman for a more serious offence had been rejected by the same...

Building the cyber security community

Elizabeth Denham’s speech at the National Cyber Security Centre’s CYBERUK 2018 event, Manchester Central, 12 April 2018. Introduction If I seem a little comfortable in this spot, it’s perhaps because only three days ago I was right here welcoming people to our 2018...

Thought of the Day: The end of online passwords?

WebAuthn, short for Web Authentication, is a new web standard that is expected to end the use of passwords. Instead of having to remember lengthy and complex passwords, users will be able to use biometrics, like fingerprints, or devices that they already own, like...

Take Action

Getting ready for GDPR is essential, lorem ipsum.

Schedule a private one-on-one session with a DRMI/GDPR expert

The GDPR Practice will provide a limited number of free conference calls with one of our GDPR Experts.
This could be followed by a more in-depth review