What is GDPR?

With the aim of enforcing stronger data security and privacy rules among organisations when it comes to protecting personal data, the General Data Protection Regulation (GDPR) replaced the Data Protection Act on 25th May 2018. It’s important that your organisation understands the key elements of the Regulation and takes appropriate protection measures to ensure the data you hold is audited, well documented and that all your data collection procedures are GDPR compliant.

So why is GDPR so important? Non-compliance could put significant financial strain on your organisation. Your organisation could be liable for penalties up to €20 million or 4% of global annual turnover (whichever is greater), even if you weren’t directly responsible for the breach. Not to mention the reputational damage incurred. GDPR could mean the beginning of the end if it’s ignored.

Take the first step to GDPR readiness by completing the Capacity GDPR Health Check. Spot gaps in your organisation and address them now to ensure that your organisation is GDPR compliant.

GDPR health check gauage
Find out if you are ready for GDPR...

Do you speak GDPR?

Some of the terms used in the GDPR Health Check may sound unfamiliar. Be sure to familiarise yourself with key terms and phrases before you answer the questions:


This is the first step in achieving data compliance; you need to understand and designate who in your business owns data.


Unambiguous indication or clear positive action an individual gives (via verbal agreement, or expressed in writing) signifying that they agree with the processing of their Personal Data. Consent can also be called ‘permissions’.

Data Controller:

The organisation that collects and uses Personal Data. The Data Controller is a person who (either alone, jointly or in common with other persons) determines the purposes for which, and the manner in which, any personal data are, or are to be, processed.

Data Processor:

The organisation that processes personal data on behalf of the Data Controller. The Data Processor is any person (other than an employee of the Data Controller) who processes data on behalf of the Data Controller.

Data Protection Impact Assessment (DPIA):

The way to identify any risks in the methods used to process data.

Data Protection Officer (DPO):

The individual or legal entity with the responsibility to advise and inform the Data Processor (including the employees who carry out the processing) of their obligations under GDPR.

Data Subject:

The data subject is the individual the personal data is about.

Natural Person:

In legal terms, a natural person is a person that is an individual human being.

Personal Data:

A person’s data (name, ID number, location data, online identifiers or one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of the natural person).

Personally Identifiable Information (PII):

Any bit of information (data) that allows you to identify an individual person.

Right to data subject access:

The Data Subject’s right to ask a Data Controller for all the Personal Data they hold concerning them – free of charge.

Right to erasure (to be forgotten):

The Data Subject’s right to request that they are erased from your database ‘without undue delay’.

Right to be informed:

The Data Subject’s right to receive adequate and clear information about how their data is, will, or could be used. This could be an open and transparent Privacy Policy.

Right to restrict processing:

The Data Subject’s Right to prevent the processing of Personal Data. This doesn’t mean you have to delete it, but you cannot do more than store it (although make sure to keep enough information to ensure their wish to ‘block processing in the future is respected.

Contact us

We are eager to speak to people about new projects so please use the form below to start the conversation.

Capacity: The Public Services Lab
Suite 3A,
Queen Insurance Building,
24 Queen Avenue,
L2 4TZ

Email: Grace.Nolan@capacitylab.co.uk
Telephone: 0151 305 1045

CPD Accreditation Group | #776783