
Data Protection Act & GDPR Compliance

Most companies hold personal information in the form of employee or customer personal records and therefore must ensure they are compliant with the Data Protection Act. Organisations wishing to trade with the European Union should also be getting ready to comply with the GDPR.

GDPR breaches will incur fines of up to €20 million (or 4% of company turnover), and fines of up to £500,000 can apply for breaches of the DPA.

Systems Assurance offers an advice service to ensure that organisations have the policies, controls, processes and awareness that will minimise any risk of a Data Protection regulation breach and prosecution.


Systems Assurance's Information Security Group has vast experience of helping organisations assess the business risks associated with cyber threats and security breaches through the use of best practice information security policies and procedures.

Our consultants are Cyber Essentials Certified Assessors and ISO 27001 (information security standard) and ISO 22301 (business continuity standard) auditors.


Systems Assurance's approach to DPA and GDPR compliance is first to conduct an onsite workshop with relevant HR, Sales and Marketing, and IT representatives within an organisation. The workshop is conducted by a senior Systems Assurance Data Protection consultant, and the session is used to understand what type of personal information is gathered, why it is gathered, how it is processed, and how data subjects are kept informed of the information that is held and their rights relating to that data.

The Data Protection consultant will then produce a report highlighting the gaps between the company's current Data Protection practices when benchmarked against the DPA and, if required, the GDPR. Our consultant can present the report to board or senior management teams to discuss how gaps can be prevented and how to mitigate any Data Protection compliance risks that the company may be exposed to.


  • Identify current activities that are regulated by the DPA and GDPR
  • Ensure that the personal data being gathered is justifiable
  • Ensure that personal data is being processed correctly, when relating to the justification
  • Securing personal and sensitive information
  • Handling requests for information and understanding data subject rights
  • Controlling access to personal information
  • Ensuring that adequate levels of transparency and privacy are in place
  • Ensuring accuracy and currency of information
  • Training and awareness relating to Data Protection compliance
  • Breach management
  • Main distinctions between the DPA and GDPR


Typically the Data Protection workshop will take one day, with the report taking 2 days depending on the size and complexity of the organisation in terms of your Data Protection exposure.


Systems Assurance's Information Security practice offers a number of valuable certification and enablement services including:

  • Cyber Essentials Enablement
  • ISO 27001 Auditing
  • ISO 22301 Auditing
  • Information Security Reviews

For further information please contact your Systems Assurance account manager on 0114 292 2911 or email our team

