GDPR represents a level of trust with your customers, and this can only be a good thing. Taking personal information and data protection seriously is long overdue. GDPR is here, and its job is to protect companies and their customers and to help build long-term relationships based on mutual respect. That does not sound like a bad thing for all concerned. However, what does it actually mean, and when does it apply?

GDPR was enforced as of 25th May 2018.

It applies to all who process personal data of European residents. This is law.

€20M or 4% of annual revenue could be at stake for non-compliance

The next question is how do we get there and what does it all mean?

Well, it means that if you want to hold or process data from EU data subjects (i.e. end users, customers and employees), you need to know what is required to do so.

There are 2 main sides to GDPR compliance: Privacy and Security. In other words, it manages the Privacy of the EU data subjects and the Security of who can access the data and use it.

There are 5 stages to full GDPR compliance.






Take a look at where your data is stored.

Find the stored data and establish whether there is a prior agreement on what it is and how it is used.

Assess security gaps and grade them by level of vulnerability.

Identify a roadmap.

Develop a roadmap to compliance and design an implementation plan.

Design the policies, business processes and technology to be used.

Identify the people who will be responsible for maintaining compliance.

Create a security plan and remediation document.

Implement the plans for privacy and security.

Distribute policies and procedures to all EU Data Subjects.

Manage security based on access control. Monitor and alert on access.

Implement encryption / privacy enhancing controls.

Remediate any issues found during implementation.

Manage the processes and re-evaluate how they are used and distributed.

Take a top-down approach to assessing data management. Review on a defined, regular schedule.

Continue managing threats and monitoring proactively to ensure future compliance.

Test your processes and document findings.

Track the data and provide an audit trail of how it was used and processed.

Document a report based on the monitoring elements and evaluate GDPR activities.

Manage and remediate any breaches of any part relating to GDPR.

Now that we have reviewed the life cycle, which part of the process looks like where you are? Do you have someone guiding you through this process? Does this all still look confusing, and is it causing headaches?

Well, Tractive Solutions can be here to help you through this.

Email to
Or complete our Enquiries Form.