6 Questions to Ask About the EU GDPR

Businesses and organisations are preparing for the requirements which will soon be imposed through the enactment of the European Union's General Data Protection Regulation (GDPR).

In this blog, we share five key questions organisations can ask about the EU GDPR to start preparing.

Copy of 6 Questions to Ask About the GDPR.jpg

Companies and public governments will need to comply with the EU GDPR if you process personal data in the context of selling products or services to citizens in EU countries as well the UK. Even if your company operates outside the EU, but offers products and services or even monitors the behavior of EU data subjects, you will need to comply with GDPR.

Are you able to measure and demonstrate compliance with the GDPR?

By measuring your organisation against the GDPR requirements, the organisation will gain the necessary assurance on whether it complies with the GDPR, highlighting areas of weakness and better prepares your organisation to plan and budget for remediation.

Do we have the processes and resources in place to support access requests from individuals to delete data in accordance with the GDPR?

The GDPR introduces more stringent requirements for the retention and processing of private and sensitive data. It is imperative for an organisation to have the correct policies and procedures in place to handle data in the principles set out in the GDPR.

 Interested in learning more about our GDPR Consulting Services? Learn about them here. 

Do we have the right level of consent and have we updated our data privacy notices?

The safety of minors online and the right to process or store sensitive or private data are key drivers of the GDPR. Transparency in how sensitive or private data is retained or processed and gaining the lawful authorisation to do so are key areas of focus for the GDPR.

Are prepared for a data breach?

Having the necessary technical or administrative security controls in place to secure private or sensitive data and the ability to respond to suspected data breaches in a timely and correct manner will prepare your organisation to respond to most cyber attacks.

Do we have up-to-date records of all data processing activities?

An accurate and up to date inventory of organisational assets used for the processing, retention, and transmission of private and sensitive data not only ensures compliance with the GDPR but also provides a holistic view of all critical assets and business units involved in the processing, retention, and transmission of private and sensitive data.

Check out our NEW infographic on the EU GDPR and how you can prepare for it's arrival. 

Do we incorporate privacy by design into our technical systems

Nothing is more permanent than a temporary fix; this is why security best practice should be incorporated by design. By including the appropriate security controls at project inception, your organisation will ensure that all new systems and services are provided securely from the outset and that the cost of retrofitting security controls after go-live is vastly reduced or even eliminated.

An understanding of your readiness towards the GDPR will enable you to plan and direct resources to address any gaps, reduce costs and increase organisational efficiency. If you‘re having trouble answering any of the questions above, a trusted GDPR expert like CIPHER can help you with compliance readiness. Check out our detailed guide to the GDPR below or contact us for GDPR readiness services!

Clive Boonzaaier is the Technical Director for CIPHER UK.guide to the GDPR
Did you enjoy this blog article? Share it with your peers or comment below.


Founded in 2000, CIPHER is a global cybersecurity company that delivers highly accredited Managed Security Services holding ISO 20000 and ISO 27001, SOC I and SOC II, PCI QSA and PCI ASV certifications. We have received many awards including Best MSSP from Frost & Sullivan for the past five years. These services are supported by the best in class security intelligence lab: CIPHER Intelligence. Our offices are located in North America, Europe, and Latin America with 24×7×365 Security Operations Centers and R&D laboratories, complemented by strategic partners around the globe. 

Our clients consist of Fortune 500 companies, world-renowned enterprises, and government agencies with countless success stories. CIPHER provides organizations with proprietary technologies and specialized services to defend against advanced threats while managing risk and ensuring compliance through innovative solutions.

Recent Security Posts


Twitter Feed