What is the GDPR?

The General Data Protection Regulation (GDPR) will, from 25th May 2018, significantly extend the provisions of the Data Protection Act.  It's an EU Regulation, but it will still apply after the UK has left the EU.

It significantly extends the rights of Data Subjects (people about whom you hold or process data.)  For example, the right to know what data is stored about them, and to request correction and erasure. 

It also puts a heavy burden of responsibility on Organisations processing or controlling personal data, which include very large fines for non-compliance and data breach.  These responsibilities mean that affected organisations need to take Cyber Security seriously and systematically.  The consequences of not doing so could be expensive.


We have a free GDPR "quick check" tool available to everyone.  GDPR assessment tool

For a low-cost comprehensive GDPR assessment, Rizikon contains a detailed GDPR questionnaire and report detailing all areas of the new regulation that apply to your organisation and lists recommended actions required in order to prepare.  Rizikon costs £500 + VAT for an annual subscription and also gives you a detailed personalised Cyber Security Risk Assessment & Action Plan, and tells you how close to reaching the Cyber Essentials accreditation your organisation is.  More about Rizikon.

GDPR Self-assessment tools


GDPR Programme Design & Management

The GDPR comes into effect from 25th May 2018, which might sound like a very long time away.  However, as this free GDPR quick check will show you, it will have profound on many organisations - so early preparation is recommended.

Crossword's GDPR programme design and management service encompasses as much of the GDPR analysis, planning and implementation process as you require.  It includes three main stages;

  • GDPR Analysis (including Personal Data Audit - see below)
  • Design - including Policies, Data Subject Requests, Breach reporting, Cyber Security approach (Data Breach prevention), DPO role, Communications and training
  • Implementation

For more information on GDPR preparation read our GDPR blog.


Virtual Data Protection Officer

GDPR requires certain organisations to appoint a Data Protection Officer. GDPR also states that the Data Protection Officer should have "expert knowledge of data protection law".

Crossword can provide your organisation with a part-time Virtual Data Protection Officer who will make sure you stay on the right side of the DPA and, when it is in effect, the GDPR:

  • Inform and advise you on your obligations under GDPR
  • Monitor compliance with GDPR and other data protection provisions
  • Aid policy creation in relation to data protection
  • Provide training and information for staff involved in data processing
  • Provide advice on any data protection impact assessments
  • Act as a contact point between your organisation and the supervisory authority

GDPR Personal Data Audit

Discovering, cataloguing and assessing all of the Personal Data your organisation collects and processes is a significant early task in your GDPR programme.  

Crossword's Personal Data Audit service provides you with;

  • Comprehensive register of all Personal Data collected and/or processed
  • Categorisation according to GDPR requirements and Data Breach implications
  • Recommendations - E.g. data cleansing, deletion, preparing for "Data Subject Requests", consolidating, etc.