Skip to content


have you begun your gdpr journey?


The General Data Protection Regulation (GDPR) was the single biggest change in Data Protection Legislation for a generation and it came into force on the 25th of May 2018. 

It clearly focuses on the rights of the data subject, security of data, consent, data breaches, Data Protection Officers, processor liability and the requirements of organisations to meet those obligations. The GDPR is applicable to all business from the Small Home Operator, SME to the Large Multi-National and all Public Agencies and Authorities.

The GDPR is a substantial piece of regulation that needs to be met and administered from Board level in an organisation. If an organisation does not meet the regulation the fines are substantive and dissuasive. 


As for general recommendations, the IDPAA’s first and last steps towards compliance are the same, people. Whether it’s assigning a Data Protection Officer or offering data protection training to staff, education is crucial. 

We believe that your data protection team should be cross-functional, with diverse and varied skillsets. Our aim is to educate organisations and to provide clear guidance on how they should re-evaluate the collection of personal data and the use of same.

The General Data Protection Regulation expects you to use a lot of data minimally. People have happily taken as much information as they could whether they needed it or not. GDPR has challenged this, just take what personal data you need for your processing, not everything under the sun.

Steps to Compliance

Simplicity is key when navigating the requirements of the General Data Protection Regulation (GDPR) and most of the regulation should be seen as what is just simple common sense. As business owners we can sometimes forget the responsibility of being a care taker to another’s personal data. We often see the data as ours when in fact it’s not.
If you were entrusted to care for another’s precious item, wouldn’t you make sure that you met that trust head on, that you made sure you did all in your power to protect that precious item that was entrusted to you. Personal data is extremely precious, in the wrong hands or neglectful hands it can impact a person’s life significantly.
Deciding to be a trust worthy company is the first step on meeting the regulation and honouring the trust that a data subject has placed in your organisation.

Step 1: Getting Your House in Order

What data do you hold? What do you do with the data, Does the Data Subject know what you do with their data and if you share it with any other business? Do you have current Data Protection controls in place or do you not?
What gaps do you have?
Are you processing data fairly, securely, for the purpose it was intended, for the time it was intended to be kept for, do you make it available to the data subject, is it consented, or do you rely or other lawful purposes outside of consent.

Read More

Step 2. Found the gaps, issues, concerns- now fix them

DPIA, policy, education of staff, controller/processor contracts, data transfers extra territorial (anything outside the EU) informed consent, transparency, access, data protection officers (if you need one) enhanced security (physical and digital) privacy by design and default

Read More

Step 3. It’s Our culture

Arriving at the final step to regulation is a significant move forward, however we cannot just meet compliance by creating the great policy or having latest security software that’s state of the art. Meeting regulation head on requires a cultural change in an organisation. We can be compliant on paper but if we do not live the program we can not ever meet what is required.

Read More

Our products and features


This approach is used to ensure that all necessary governance requirements can be met without the unnecessary duplication of effort and activity from resources.

Online Training

We have developed a range of online training to help you and your employees comply with the evidential requirements of the GDPR. Our training comes complete with certificates of completion and can also be certified for CPD by a selection of certifying bodies.


Under the regulation there is a requirement to document and evidence your organisation compliance with the GDRP. IDPAA can support your organisation through the creation and implementation of the following policies:


Training session are classroom style and are interactive and provide real-life situations. All training can be tailored to your specific industry requirements and delivered in-house or at a venue of your choice. Certificate of Attendance and CPD is provide for specific sectors.


There is a requirement under the regulation to appoint a DPO if you process, large amounts of personal data or if you are a Government agency. The GDPR provides that DPO’S “shall be designated on the basis of professional qualities


IDPAA can provide guidance on completing Data Protection Impact Assessments including methodologies and templates that are easy to follow