Data Protection (GDPR)

Protect personal data, earn data subject trust.

It is essential that we protect personal data in our modern, on-line world. Comprehensive data protection legislation provides a framework for data protection, and the EU General Data Protection Regulation (GDPR) was introduced in May 2018 across Europe. InfoSaaS services have helped many organisations to properly understand GDPR’s requirements, and to ensure they remain compliant with its many requirements. Within the UK, GDPR is delivered as the UK Data Protection Act 2018 (DPA) under the supervision of the ICO.


Understanding GDPR's Requirements

All organisations who process personal data should fully understand and demonstrate compliance with GDPR. However, with significant requirements around the assessment of personal data processing, the roles of data controllers and data processors, the increased rights of data subjects and the penalties if things go wrong, this may seem a complex and daunting subject to address.

If help is needed our qualified, experienced data protection specialists would be pleased to assist you with delivery these activities and demonstrating full compliance with the law.

GDPR Documentation

GDPR specifies a mandatory set of documentation and records that need to be produced and maintained – this is to ensure your organisation can demonstrate that it remains legally compliant with its obligations to protect personal data.

The Regulation defines roles and responsibilities, the requirements for privacy notices, procedures for delivery responses to data subjects’ rights request, procedures for reporting personal data breaches and much more besides.

Thankfully, InfoSaaS provides an extensive range of templated policies, procedures, forms and informational guides to assist. These have proved to be invaluable for organisations of all sizes and complexities in recent years.

View document packs

Data Audit Workshops

To be compliant with data protection legislation, it’s essential that all forms of personal data are identified, categorised and assessed. This will include activities about how it is protected, which personnel or systems have access to it, which organisations it is shared with, how long it is retained for, and much more.

The best means of understanding this activity is to undertake a data audit workshop, led by one of our data protection specialists, which will help you to understand exactly what it is you need.

Contact us

Data Protection Impact Assessments

Article 35 of GDPR requires that Data Protection Impact Assessments (DPIAs) are conducted in certain circumstances. These can be considered to be a focused risk assessment as to how personal data is protected as it passes through a data processing operation.

Our InfoSaaS solution provides an intuitive DPIA solution to guide users through the complexity of undertaking such an assessment. The resulting report highlights any issues or areas which require improvement, a report which can optionally be shared with customers, stakeholders or regulators.

Data Subject Rights Requests

Articles 15-21 of GDPR mandate a set of rights for data subjects in relation to  the processing, storage and retention of their personal data.

The InfoSaaS software service includes a repository and GDPR-compliant workflows which allow any data subject requests which are received to be validated and managed to completion in line with the requirements of the Regulation.

In addition, our GDPR Document Pack includes comprehensive procedures and supporting forms that are easy to customise.


Supply Chain Considerations

Your suppliers may have a valid requirement to access or process personal data – either of your own personnel’s data (e.g. a payroll bureau) or to that of your customers’ (e.g. delivering a contracted service). You have a responsibility to assess their compliance with GDPR obligations as a data processor before sharing any personal data.

Such an activity will need to assess whether effective technical controls are robust, whether systems are in place to detect and report personal data breaches, and whether a commitment has been made to co-operate with data subject requests, amongst others. Such obligations are typically included within contracts or formal Data Processing Agreements.

Supplier Capability Assessments

Providing Effective GDPR Training

It is essential that your personnel (and any dependent third-parties such as contractors) are properly trained on their responsibilities for the protection of personal data. This will include understanding agreements on how it is obtained, managed, processed, stored and disposed of, and your organisation’s data protection policies and procedures.

They will also need to understand how to identify and report personal data breaches, how to co-operate with investigating and responding to data subject requests. We would be pleased to explore a suitable data protection training framework which delivers your organisation’s individual training and educational needs.

Contact us

“The Bluemetrix team have found the InfoSaaS solution to be both comprehensive and easy to use: it has made a significant contribution to the maturity and robustness of our information security and data protection activities”.

Liam English, CEO

“The InfoSaaS platform has been enormously helpful as we work towards our ISO27001 certification goal. The structure, support and documentation available have allowed us to make quick progress now that we can easily track all of our assets, risks and actions.”

Chris Thompson, Managing Director

“At the end of the certification audit process, the auditor commented how effective our ISMS is. For me it is very satisfying to hear, from an external point of view, that we’re doing things right”.

Linda Jeffery, Project Manager

“If we weren’t using InfoSaaS, we would have had to use countless documents and spreadsheets – and that would have required far more effort!”

Paola Fulchignoni, Security Officer

“InfoSaaS provides an effective and integrated GRC solution, which makes a significant contribution to the information security posture of our clients. It has provided invaluable in guiding customers towards GDPR compliance, and we remain impressed by the new features which are added on a regular basis. Great work!”

Karen Godwin, Director

“It was clear that InfoSaaS was going to be the easiest to use … and was going to help us keep on top of everything properly.”

James Chillman, Managing Director

Learn more

“InfoSaaS provides established and credible solutions for delivering information security and data governance, proven time and again with successful certification results amongst our client portfolio. We have no hesitation in recommending InfoSaaS.”

Martin Law, Information Security Entrepreneur


Virtual Data Protection Officer

A Virtual Data Protection Officer (DPO) may be the most appropriate way of providing strategic, compliance and operational leadership on data protection matters to organisations that may not be able to afford a full-time resource.

Certified DPOs are an expensive resource. You may instead decide to use a Virtual DPO from InfoSaaS on an ongoing basis; benefiting from their time and experience on demand, on a part-time and often remote basis.

If you would like to discuss how a Virtual DPO could benefit your organisation, please contact us for a confidential discussion.

Contact us