Our Expert Consultants Are Here To Help

We won't spam you.

GDPR Consulting Services

GDPR Enforcement 25 May 2018 - Start Gap Analysis Today!

GDPR Compliance in 6 Easy Steps




Gap Analysis









Our approach

The right approach to data security is crucial in achieving GDPR compliance. Wenso’s Readiness Assessment programme entails an audit of key areasof your organisation and data protection capabilities, helping you identify gaps and prepare a GDPR compliance strategy aligned to the GDPR obligations.

Keys Steps to GDPR Compliance

GDPR Impacts, Risks and Fines

Frequently Asked Questions

Q: When is the GDPR coming into effect?

The GDPR,Europe's new framework for data protection laws, came into force in April 2016 after it was approved and adopted by the European Parliament and the European Council through a four-year consultation process with all the EU member states. GDPR is a regulation, not a Directive, and hence it does not require any enabling legislation to be passed by government. The regulation will be enforceable from 25 May 2018.
Within the UK, the GDPR will be applied automatically, replacing the previous 1995 Data Protection Directive, which current UK law is based upon.Data Protection Bill.

Q: Who does the GDPR affect?

The GDPR not only applies to organisations located within the EU but it also applies to organisations located outside of the EUthat store, process, monitor or share EU citizens’ personal data. Thus, GDPR rules will apply to all companies that carry out any form of trade (goods or services)with data subjects residing in the European Union, regardless of the company’s location.

Q: What constitutes personal data?

The GDPR’s definition of personal data is much broader than under the UK Data Protection Act (DPA). Article 4 statesthat personal data is “any information that relates to an identified or identifiable living individual”. This includes different pieces of information, which if collected together can lead to the identification of a particular person. For example, a name and surname, a home address, an email address, a photo, an identification number, location number, location data (e.g. the location data function on a mobile phone), bank details, posts on social networking websites, medical information, an Internet Protocol (IP) address, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.Similarly, ‘pseudonymous data’ – personal data that has been subjected to technological measures (for instance, hashing or encryption)- but can be used to re-identify a person remains personal data and falls within the scope of the law.

Q:What are the penalties for non-compliance?

Organisations can be fined up to 4 per cent of annual global turnover for breaching GDPR or €20 million (approx. £17 million), whichever is higher. This is the maximum fine that can be imposed for the most serious infringements, for example, not having sufficient customer consent to process data or failure to implement measures to ensure privacy by designconcepts. There is also a fine of Up to €10 million or 2 per cent annual global turnover – whichever is higher, if companies are found to not have their records in order, not notifying the supervising authority and data subject about a breach, or not conducting impact assessment.Infringements of the organisation’s obligations (e.g. data security breaches) will be subject to the lower-level fines, whereas infringements of an individual’s privacy rights will be subject to the higher-level fines. As these rules apply to both controllers and processors - 'clouds' too will be liable for GDPR enforcement.

Are you ready to tackle your GDPR readiness?

Readiness Assessment

  • Face-to-Face Consultation
  • Data flow Analysis
  • Assess - People, Technology, Data and Process
  • Gap Analysis Report Generation

GDPR Implementation

  • Establish Legal Compliance
  • Enable Data Governance Practices
  • Deliver Cultural Change
  • Deploy Technology & Security


  • Satisfy DPO Role Requirement
  • Independent Expert Advice
  • Liaisoning with Data Protection Authorities
  • Mitigate Privacy Risks

GDPR Corporate Training

  • Corporate Training
  • GDPR Foundation Course
  • GDPR Practitioner Course
  • GDPR Awareness Workshop
  • DPIA Workshop

Contact Us

If you have questions on how this regulation affects you and your organisation contact us today!

Address: Suite 2, Ground Floor, No. 5 Universal Square, Devonshire Street Manchester, M12 6JH

Email : gdpr@wenso.co.uk

Phone : +44 (0) 330 223 2109