GDPR Compliance & Information Security

Protect your customer data in line with Article 5 of GDPR.

What are the requirements for Information Security under GDPR?

GDPR requires organisations that process personal data to do so in a secure manner. Organisations should have appropriate security in place to prevent compromise of the personal data that they process or control.

Understanding and documenting the information security risks faced by your organisation, along with the details of the controls and measures you put in place to mitigate these risks, is key to being able to demonstrate compliance with the GDPR. Failure to comply can result in fines of up to 20 million euros or 4% of annual global turnover.

Estate Agency – Life at Parliament View Ltd

Fined £80,000 for failing to protect personal data stored on a server.

Building Material Supplier – Construction Materials Online LTD

Fined £80,000 for failing to protect personal data stored on a server.

Financial Services – Equifax

Fined £80,000 for failing to protect personal data stored on a server.

Does GDPR apply to small organisations?

GDPR applies to businesses of all sizes, including small ones. In fact, the UK Information Commissioner's Office has taken enforcement action against a number of small businesses for failing to meet data protection requirements.

“If a company is subject to a cyber-attack and we find they haven’t taken steps to protect people’s personal information in line with the law, they could face a fine from the ICO. And under the new General Data Protection Legislation (GDPR) coming into force next year, those fines could be a lot higher.” – Sally Anne Poole, ICO enforcement manager

How can Bleam help?

GDPR Compliance Assessment

We can assess your current standing to determine whether you are operating in compliance with the security requirements set out by GDPR. Our findings will be compiled into a detailed report that highlights any gaps that we identify and the recommended remedial actions.

Managed Security Services

We offer a range of Managed Security Services that can help to ensure your organisation's ongoing compliance with GDPR.