General Data Protection Regulation 'GDPR'


The General Data Protection Regulation (EU) 2016/679 commonly referred to as ‘GDPR’ is one of the most significant pieces of legislation affecting the way that EU individuals’ personal data is collected, processed, stored or transferred within the EU. GDPR rules also applies to the transfer of EU individuals personal data outside of the EU and also applies to International companies outside of the EU that are processing the personal data of EU individuals.



Article 83 of the ‘GDPR’ details two tiers of administrative fines:

  • Breaches of ‘Data Controller’ or ‘Data Processor’ obligations are fined within the first tier of up to €10 million or 2% of their global annual turnover, (whichever is higher).
  • Breaches of ‘Data Subject’ Rights and freedoms are fined within the second higher tier of up to €20 million or 4% of their global annual turnover, (whichever is higher).



It certainly pays to be ‘GDPR’ compliant which is why, we at Synergy Management Systems Consultancy, have developed two of the most dynamic, cost effective, Business self-help toolkits for companies needing to implement GDPR compliance themselves within their businesses:

  • GDPR Business D-I-Y Toolkit ‘Implementation’ package version 1.0;
  • GDPR Business D-I-Y Toolkit ‘Policy & Governance’ package version 1.0 and;
  • GDPR Templates (sold separately)


See our Products Page for more details.


Our toolkits and templates fully comply with the GDPR requirements including but not limited to:

The ‘Rights of the Data Subject’ (GDPR - Article 12-23)


1.            The right to be informed

2.            The right of access

3.            The right to rectification

4.            The right to erasure ‘the right to be forgotten’

5.            The right to restrict processing

6.            The right to data portability

7.            The right to object

8.            Rights in relation to automated decision making and profiling


And the ‘Principles relating to processing of personal data’ (GDPR - Article 5)


a)           “processed lawfully, fairly and in a transparent manner in relation to individuals;

b)            collected for specified, explicit and legitimate purposes and not further processed in 

                a manner that is incompatible with those purposes; …

c)             adequate, relevant and limited to what is necessary in relation to the purposes for

                which they are processed;

d)            accurate and, where necessary, kept up to date; every reasonable step must be taken

                to ensure that personal data that are inaccurate, having regard to the purposes for

                which they are processed, are erased or rectified without delay;

e)            kept in a form which permits identification of data subjects for no longer than is

                necessary for the purposes for which the personal data are processed;

f)            processed in a manner that ensures appropriate security of the personal data,

               including protection against unauthorised or unlawful processing and against

               accidental loss, destruction or damage, using appropriate technical or organisational


Print Print | Sitemap
© Synergy Management Systems Consultancy