Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
I prefer to be contacted by:
View our privacy policy
Book a penetration test today. Get in touch.


The GDPR - ensuring a high level of data protection across the UK and Europe

The General Data Protection Regulation (GDPR) is one of the most wide-ranging pieces of legislation passed by the EU in recent memory. It was introduced to standardise data protection law across the single market and give people in a growing digital economy greater control over how their personal information is used.


Who does the GDPR apply to?

All organisations that process personal data and operate within, or sell goods to the EU are impacted by the GDPR. The definition of processing is designed to cover practically every type of data usage and includes collection, storage, retrieval, alteration, storage and destruction.

The GDPR applies to both data ‘controllers’ and ‘processors’. Data controllers determine the purpose and manner in which data is processed. Data processors are any third-party undertaking data processing on behalf of a controller.


How does Brexit affect the GDPR in the UK?

A montage of compliance related security images

In the UK, the requirements of the GDPR are implemented and ratified by the Data Protection Act 2018.

Under the UK’s Brexit Withdrawal Agreement Bill, a transition period will run until December 31, 2020, during which time the GDPR and DPA will continue to apply side-by-side. During this transition phase, the UK and EU will attempt to negotiate a new data privacy arrangement, but the UK government has stated that the majority of GDPR and DPA provisions are likely to remain in place.

Personal data

What is personal data?

Article 4 of the GDPR defines personal data as ‘any information relating to an identified or identifiable natural person’. For most organisations, this means implementing appropriate measures to protect information relating to employees, customers and partners. The GDPR expands the definition of personal data to include all information that could be used to indirectly identify individuals. Other examples of personal data include:

  • ID numbers
  • IP addresses and cookie IDs
  • HR records
  • Customer contact details
  • Health records
  • Biometrics
  • CVs and employment details
  • CCTV and call recordings

Need advice or help from our friendly team?

Get in touch


How does the GDPR differ from the Data Protection Act (DPA) 1998?

Personal information

An expanded definition of personal information to include online identifiers such as IP addresses.

Increased sanctions

An increased level of fines for organisations that fail to comply and/or suffer a personal data breach.

Data Protection Officers

The need for some organisations, such as public authorities, and those that process large amounts or special categories of data, to appoint a Data Protection Officer.


A tightening of the consent rules governing the collection and use of personal information.

Right to be forgotten

The right for individuals to be forgotten, by requesting the erasure of their personal data from company records.

Privacy by design

Promotion of privacy by design - ensuring data protection is taken into account at every stage of a product development process.

Article 5 Principles

Personal data shall be...

Processed lawfully, fairly and in a transparent manner
Collected for specified, explicit and legitimate purposes
Adequate, relevant and limited to what is necessary
Accurate and, where necessary, kept up to date
Retained only for as long as necessary
Processed in an appropriate manner to maintain security

Protecting personal data

The importance of ensuring the security of personal data

In order to ensure ongoing data security, principle six of the GDPR states that personal data should be processed in an appropriate manner.

Protecting personal data against unauthorised processing, accidental loss and destruction forms an integral part of measures all organisations should take.

Read our GDPR compliance guide
A cloud environment being monitored for threats

GDPR Solutions

Tailored solutions for GDPR compliance

By helping you to understand and address gaps in your organisation’s cyber security as well as proactively detect and respond to threats when they occur, Redscan’s managed security and assessment services support swift, hassle-free GDPR compliance.

ThreatDetect MDR

Managed Detection and Response

Award-winning support to rapidly detect and respond to the latest threats 24/7

Read more
A range of security assessment services

Assessment Services

Specialist engagements to uncover and address hidden cyber security risks

Read more
A person choosing from a range of Managed Security Services

Managed Security Services

Expert help to manage and monitor your choice of security technologies

Read more

Get in touch

Complete the form for a prompt response from our team.

Two Redscan team members analysing cyber security intelligence

1000 characters left
I prefer to be contacted by:
View our privacy policy


Discover our latest content and resources

From the blog
From the blog Case studies Latest news
26th September 2022
Ransomware affiliates adopting data destruction
A new report suggests that ransomware affiliates are experimenting with new data destruction capabilities in order to evade detection, increase their chances of receiving payments and reduce the advancement of decryptor toolst.    
21st September 2022
Four-fifths of companies affected by critical cloud security incidents
New research has shown that around 80% of organizations experienced a severe cloud security incident over the past year.    
12th September 2022
More than three-quarters of retailers hit by ransomware in 2021
No less than 77% of retailers around the world were hit by ransomware in 2021, according to new research.  
5th September 2022
Supply chain risk a key security priority for organisations
A new survey has revealed that supply chain risk is now a key concern for organisations due to their increased reliance on cloud-based solutions.