What is GDPR?
The General Data Protection Regulation (GDPR) of the European Union came into effect on 25.05.2018 and led to changes in organizations that process information which directly or indirectly identifies European citizens.
The transition towards digitalization and the wide use of online information resources, combined with cloud services and the possibility of processing large databases, led to the necessity of expanding the scope of data protection through the introduction of the General Data Protection Regulation. The Regulation gives guidelines covering automated means of data processing as well as all paper forms that contain personal data in one way or another.
The GDPR concerns all European businesses, as well as any business that controls and processes personal data related to the delivery of goods or services to persons in the EU, or that monitors their behaviour in some way.
These requirements apply no matter where the organization has been established.
Who does the GDPR apply to?
The Regulation has the following territorial scope:
- Data processing in the context of the activities of an organization established in the European Union and the EEA, no matter whether the processing takes place in the Union or not.
- Processing of personal data of data subjects (natural persons) by a controller or processor that is not established in the European Union, when the data processing activities are related to the offering of goods and/or services to data subjects located in the EU, or to the monitoring of their behaviour within the Union (the so-called profiling).
- Data processing by organizations not established within Europe, but in a place where Member State law applies by virtue of public international law.
What is considered personal data under the GDPR?
If you work with personal data, you are in the game!
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
How does the GDPR affect businesses and all of us?
Each company working with data related to EU citizens will have to comply with the requirements of the GDPR if it falls within the territorial scope of the Regulation. The Regulation will be applied directly, with priority over the norms of domestic legislation. The GDPR applies to all organizations which process and store the personal data of data subjects in the European Union under the above-mentioned methods, regardless of the company’s registered seat.
The GDPR imposes severe fines for breaching the data protection requirements and places greater obligations on organizations by requiring them to be able to prove at any moment that they lawfully and purposefully process and protect the personal data of EU citizens.
What is the risk of not complying with the GDPR?
The fines that supervisory authorities may impose on undertakings for not complying with the principles of the GDPR can be up to 20 million euros or, in the case of an undertaking, up to 4% of its total global turnover of the preceding fiscal year, whichever is higher!
How to make our business GDPR compliant?
IS CONSULT SERVICE Ltd provides specific services to achieve compliance with the GDPR. Among them we can list:
The GDPR course is supported by high quality training materials – presentations, visual materials, sample models, useful legislation extracts, etc. The quality of the GDPR course is at a European level – the material is provided by lecturers with many years of experience in the public and private sector, working on European law and information security.
It is of crucial importance to know how the GDPR will affect your company – what measures you should take in order to ensure compliance and avoid fines and penalties. During our seminars we will take you through all that you should know. Those who have completed our seminar will have clear theoretical and practical knowledge of what to do to prepare their business and personnel for the GDPR.
We can audit your current environment and provide you with an analysis of your organization's compliance with the new requirements of the GDPR. The duration of the audit depends on your environment, scope and the cooperation you provide.
Through our consulting services you can achieve maximum effect in measuring, estimating and defining compliance and recommendations related to the GDPR. The last step also includes a review of the controls, processes and templates newly established by your undertaking, for compliance with the requirements of the GDPR.
Do you have a specific GDPR question?
If you have a specific GDPR question that you do not know how to answer from an IT, information security and/or legal point of view, please specify your question and we will provide you with a specific answer within 24 hours.
Do you need a personalized GDPR offer?
We can help you design, develop, coordinate, apply and estimate new policies and processes in order to be GDPR compliant.