+44 (0) 1534 78 00 77
Book an appointment

What is GDPR

Salvus Data Protection & Compliance

Powered by best-in-class partners

The General Data Protection Regulation “GDPR”

The regulatory authorities have recognised both business and individual weaknesses in the digital age.
The GDPR became law in the UK and EU April 2016 with a two year grace period for organisations to prepare for compliance.

The GDPR becomes fully enforceable
25th May 2018
Fines are set at levels to attract attention
€20 million or 4% of global turnover whichever is the greater

What is the GDPR about?

The primary purpose of the GDPR is to increase trust in online services to enable economic growth in the digital age.

Surveys across the EU showed:

• Only 15% of people believed they had full control over their data.

• Over 70% of EU citizens have low/no trust in online services.

    ◦Yet the digital economy is unavoidable for organisations to remain competitive and provide consumers with cost-efficient services.

The GDPR introduces best-practice standards that enable organisations to meet the expectations of the digital market consumers, while providing the regulators with the powers to penalise and/or sanction abusers.

The GDPR is an EU legal structure that applies globally to any organisation dealing with EU citizens, regardless of where the organisation may be based.

A brief history

The DNA of the GDPR goes back to the 1953 EU Human Rights Convention. As technologies have advanced the law has been updated to protect those fundamental human rights.
The current EU (1995), UK (1998) and C.I. (2001/2005) laws are out of date.

• The first commercial transaction on the internet was in 1995, since then the internet has exploded, along with abuses of personal data.

• Smart phones/devices start to proliferate from 2007, expanding the internet issues into all walks of life and all age-groups (i.e. Children became exposed to ‘grooming’).

Privacy & security by design

The GDPR focuses on protecting personal data of all EU/UK and C.I. consumers, children and vulnerable groups.

By assuring privacy and security, organisations that comply with the GDPR can build trust with customers, while customers can be confident that their data is protected to high standards and that they can have full control over their personal data.

• Full details of the core principles, consumer rights and other features of the GDPR are available in our free GDPR 12-Step Guide

Power to Protect

It is important to understand that the GDPR is a regulation, not a directive:

• The EU Data Protection Directive (EU DPD, 1995) allowed EU member states flexibility in how it was applied and enforced (if at all).

• The General Data Protection Regulation applies equally to all EU/EEA member states, and all territories worldwide that are handling information on EU citizens.

• The articles, compliance measures, enforcement and penalties are highly prescriptive; allowing low/no flexibility.

Punitive Fines

Up to €20 million, or 4% of global turnover Whichever is the higher

• The fines apply to each data breach event (not each data record breached).

• Maximum fines will be applied where it is clear the breach was caused by negligence or abuse.

• Negligence/abuse can expose officers to further criminal and civil actions.

Does the GDPR apply to your organisation?

Many organisations are unsure if or how the GDPR may apply to them.

We have prepared a simple self assessment based on the most important exemptions that are included within the law.

• Take our quick self-assessment here.

How can my organisation comply with the GDPR?

Download our GDPR 12-Step Programme guide to understand what you are required to do, and prove that you have done it (the GDPR is all about having evidence, not opinions).

Is it too late for my organisation to start now?


You can purchase our GDPR FastTrack Toolkit and get a head-start. For most small businesses this will help you get a long way toward compliance while saving you many weeks of work and thousands of ££ £’s of legal or other costs.

I am busy, can I get it all done for me?


Salvus can provide you with a full Outsourced Data Protection Officer (O-DPO) service that is designed to take circa 1 day of your time from start to finish.

What other benefits does the Salvus service provide?

Salvus focuses on cost effective solutions that deliver high efficiency. We can usually deliver clients a total payback of their GDPR solution investment (consultancy, training, policies & tools) within less than a year, while year 2 performance will increase payback to the organisation.

• Salvus can prove that technology is the most economically viable solution to regulation in the digital age.

We work with the best technology solution providers in the world, including Microsoft and others.

Click here to review the benefits of Salvus solutions to GDPR.

Click here to review our tools/technology partners.