GDPR Summary and Data Protection Act 2018

GDPR summary contains what the General Data Protection Regulation is, personal data and principles to ensure data protection across the UK in line with DPA 2018.

Get in touch

No salesy newsletters. View our privacy policy.
Group 2
Group 4
Group 7
Group 1
Group 3
Group 5
Group 8
Group 9
Group 10
Group 11

GDPR

Being the standardised data protection law, general data protection regulation directs a wide range of legislation passed by the European Union (EU) to secure and maintain the privacy of the personal data of EU citizens. UK’s GDPR version i.e. DPA 2018 takes care of this in the data protection space.

Data protection law

This law watches the UK businesses incorporate GDPR principles, adopt adequate data security strategies and technical measures to protect from the personal data leakage of the EU citizens. It also focuses on creating a security conscious workflow in the businesses aimed towards reducing cyber attacks, including privacy outbreaks.
checkbox security 768x435 1

See what people are saying about us

Stephen Rapicano
Stephen Rapicano
August 14, 2023
google reviews logo
5 out of 5
A totally professional engagement from start to finish with the highest quality advice and guidance.
Thank you for taking time to leave this feedback, we appreciate your support.
John Blackburn (CaptainJJB)
John Blackburn (CaptainJJB)
August 14, 2023
google reviews logo
5 out of 5
great experienced team, very knowledgable and helpful, willing to adjust the product to suit the customer. Would recommend.
Thank you for your time towards this feedback and continued support.
A A
A A
August 17, 2023
google reviews logo
5 out of 5
The service provided by Cyphere is second to none. High quality testing services. Very reliable and professional approach.
Another five-star review! Thank you for your support and for making our day brighter!
Lee Walsh
Lee Walsh
August 21, 2023
google reviews logo
5 out of 5
Cyphere provide a personal and assured service, focusing on both pre and post analysis in supporting us to change and embed a security cultured approach.
Holistic review just like the holistic cyber approach, thank you for the review.
Luc Sidebotham
Luc Sidebotham
August 17, 2023
google reviews logo
5 out of 5
Highly recommend Cyphere for pen testing. The recommendations in the report were comprehensive and communicated so that technical and non-technical members of the team could follow them.
Thank you so much for your glowing five-star feedback! We greatly appreciate your recommendation of Cyphere for pen testing.
mike Dunleavy
mike Dunleavy
August 31, 2023
google reviews logo
5 out of 5
Harman and the team at Cyphere truly are experts in their field and provide an outstanding service! Always going above and beyond to exceed customer expectations, i honestly cant recommend them enough.
Thank you, Mike, for the 🌟feedback, shall pass these kind words to Harman !
Mo Basher
Mo Basher
August 12, 2023
google reviews logo
5 out of 5
We had penetration tests service for PCI DSS compliance program from the Cyphere! Very professional, efficient communication, great findings that improved our system security posture! Highly recommended!
Thank you for the stellar five-star review! We're over the moon with happiness, just like a rocket fueled by your kind words.
Dan Cartwright
Dan Cartwright
August 14, 2023
google reviews logo
5 out of 5
Cyphere were great in both carrying out our penetration testing and taking us through the results and remediation steps. We would gladly use them for future projects.
Your five-star feedback has us doing a victory dance! We're as thrilled as a penguin sliding down an icy slope. Thank you, Dan, for waddling along with our business and leaving such a fantastic review!
nigel gildea
nigel gildea
September 4, 2023
google reviews logo
5 out of 5
I’ve worked with Cyphere on a number of penetration tests in addition to some cyber essentials support and certification! I’ve found them to be highly skilled and professional. They have consistently understood and met our project requirements and added value to the programme!
Glad you have positive feedback about our security compliance and technical risk offerings. Thank you.
James Anderson
James Anderson
August 14, 2023
google reviews logo
5 out of 5
Cyphere undertook pen testing for us recently. The process was very smooth, and the team were flexible in working around our constraints. The report was clear, actionable and perceptive. I would happily recommend their services.
Holy guacamole! Thank you for being an awesome customer and for brightening our day.
Adil Jain
Adil Jain
August 14, 2023
google reviews logo
5 out of 5
Cypher has been outstanding partner to our agency. I've tried many in the past but they have been extremely meticulous in getting our systems secured. Top class service, we will be working with them for many moons.
Wow, you've granted us the ultimate high-five with your amazing five-star review. Thanks for making us feel like rockstars!
Shaban Khan
Shaban Khan
August 23, 2023
google reviews logo
5 out of 5
Cypher has been an excellent partner and helped us achieve our goals with a great level of expertise, communication and helpfulness making the whole process easy to understand and complete. Well recommended and look forward to working with them again. We highly recommend cyber security consultants to any business.
Thank you for the glowing feedback.
Rajeev Kundalia
Rajeev Kundalia
September 16, 2023
google reviews logo
5 out of 5
I recently had the pleasure of collaborating with Harman for a comprehensive PEN Test through his company, Cyphere. From our first interaction, it was clear that Harman embodies the very definition of an expert in the field of cybersecurity. His vast reservoir of knowledge and exceptional skill set became apparent as he navigated through complex security landscapes with ease and precision. Harman's remarkable ability to convey intricate details in a comprehensible manner made the process seamless and extremely enlightening. His dedication to providing top-notch service was evident in every step, ensuring not only the success of the project but also fostering a sense of security and trust in our collaboration. Working with Harman was nothing short of a fantastic experience. His bright intellect and professional approach to his work were genuinely awe-inspiring. What stood out the most was his genuine passion for his field, reflected in his meticulous approach and the innovative strategies implemented throughout the project. Not only is Harman a maestro in his field, but he's also an incredible person to work with - a true professional who takes the time to understand his client's needs and exceeds expectations at every turn. His vibrant personality and enthusiasm make working with him an absolute joy, fostering a collaborative environment where ideas flow seamlessly. If you are looking for someone who embodies expertise, professionalism, and a personable approach, then Harman and his company, Cyphere, should be your go-to. I couldn't recommend their services more highly. A true beacon of excellence in the cybersecurity landscape!
Tobi Jacob
Tobi Jacob
July 10, 2023
google reviews logo
5 out of 5
I had an amazing experience working with Cyphere! Their communication was top-notch, making the entire process smooth and efficient. From the initial contact to the final result, they were always prompt in getting back to me. I found their team to be incredibly responsive and attentive to my needs. The ease and effectiveness of our communication truly set them apart. I highly recommend Cyphere for their exceptional service and commitment to client satisfaction.
First impressions are everything - we're thrilled that ours was a hit! Thanks for choosing us.

Who does the GDPR apply to? What about post-brexit changes?

The GDPR impacts most organisations around the globe that sell goods/ products to the EU and process data of EU residents and citizens. It applies to both data processors and data controllers, therefore, legally holds them liable in case of personal data breaches.

This includes both data controllers and processors and covers multiple aspects of data usages, such as collection, storage, retrieval, alteration and destruction. Businesses can ensure adherence to EU law (GDPR) by examining the data relationship with their customers. This will help them evaluate and ensure the need for privacy mechanisms or regulatory policies to meet the expectations and specifications of GDPR.

GDPR applies to 768x576 1

The UK left the EU on 31st January 2020. After the transition period (from 01.01.2021), the EU GDPR no longer applies directly to the UK. UK’s equivalent of GDPR is called ‘UK-GDPR’. The DPA 2018 puts EU GDPR’s requirements into practice.

Cyphere’s network pen testing engagement lifecycle methodology is broken into five phases, as demonstrated in the penetration testing methodology diagram.     

What are the seven principles of GDPR?

Recommended Read

The most extensive list of GDPR FAQs

Schedule a Call

How does GDPR define personal data?

Article 4 of GDPR provides a broad context of personal data under its regulatory regime. It refers to personal data as any information relating to an identified or identifiable natural person. This definition of personal data processing includes all information that could directly or indirectly identify the individual through any one or more combination of sources. 

The GDPR protects personal data irrespective of technology and applies to manual and automated processing. Some examples of personal data are:

  • a name or an email address such as name or [email protected];
  • an ID card number such as driving license, National Insurance (NI) number;
  • home address or location data e.g. location services using mobile applications;
  • IP address or online identifiers such as cookie ID, advertising identifier, etc;
  • Records containing personal data such as health records, HR records, customer details, payment details, etc.
GDPR personal data

How does the GDPR differ from the Data Protection Act (DPA) 2018?

GDPR regulates the whole EU citizens’ personal information protection and is far more detailed and demands far more compliance than DPA 2018, that is, the UK implementation of GDPR. The following eight areas are the main differentiators between EU GDPR and DPA 2018.

Personal Information

An extended definition of personal data includes identifiers such as IP addresses, Internet cookies, and DNA.

Right To Be Forgotten

GDPR grants the right to an individual to request the removal of personal data

Consent

GDPR supports individual to consent to refuse automated decision profiling

Penalties

GDPR imposes an increased level of penalties in case of a data breach or failure to comply with the regulations

Data Protection Officer

GDPR mandates the appointment of a Data Protection Officer for specific organisations that process a large amounts of particular categories of data

Privacy Impact

GDPR mandates the privacy impact assessment to verify if the organization fulfills the individual’s privacy expectations and conditions

Child Consent

In the case of GDPR, children over the age of 16 can consent to data processing, whereas the DPA sets this at 13.

Data Subject Rights

GDPR embraces protected measures on subject rights , whereas DPA 2018 has waived the subject rights in some cases (scientific, historical or archiving)

Article 5 GDPR - The data protection principles

The design of GDPR to protect the data privacy rights of EU citizens is mainly developed over six fundamental principles, with the seventh principle ‘accountability’ as the UK GDPR principle. These principles are the central approach to processing personal data in line with GDPR.

  1. Lawful, fairness and transparency: Organization will collect and processes personal data lawfully, fairly and in a transparent manner
  2. Purpose limitation: The collected personal data must be used for specified, explicit and legitimate purposes
  3. Data minimisation: It should be adequate, relevant and limited to what is necessary
  4. Accuracy: Personal data records collected should be accurate and where possible kept up to date
  5. Storage limitation: Data should not be stored longer than required
  6. Integrity and confidentiality (security): Personal information processing must be done in a secure manner, ensuring data protection against unauthorised processing or unlawful processing and accidental loss, destruction or damage.
  7. Accountability: According to the UK GDPR regulator, ICO, accountability is the seventh data protection principle. It states: “The accountability principle requires you to take responsibility for what you do with personal data and how you comply with the other principles. You must have appropriate measures and records in place to be able to demonstrate your GDPR compliance.
GDPR 7 principles 768x576 1 1

See what people are saying about us

Group 90 1 2

Excellent people to work with.

Very good knowledge of requirement and give us correct findings with excellent remedy to improve our security for our B2B portal site.

Head of TechnicalLeading Pharmaceutical Manufacturer

Harman was great, really knowledgeable

Harman was great, really knowledgeable, helpful and on hand to answer any questions. The final report was very clear providing the technical information in an easy to read format which could be understood by the leaders of the business.

IT manager Housing Trust

My experience of the team was 5 star.

They were so helpful, and their technical delivery and client communication were excellent.

Director, Software Development Corporate Services Company

Extremely satisfied

Extremely satisfied with approach, speed and end results. Thanks.

COOInternational fashion label and store
Relevant Read

How to identify, classify and protect sensitive data.

Contact Us Now

Our GDPR security testing is more than tick-box approach

Call Us

GDPR Compliance

Our GDPR solutions are not aimed to push false promises with 100% security and sell fear and uncertainty. The tailored approach helps to assess and address gaps in your cyber security controls as well as strategy, helping you to prepare for detection, response and recovery against the inevitable.

GDPR breaches and fines

Since the GDPR came into effect in May 2018, there have been a number of high-profile data breaches and fines. Here are some of the most notable ones:

  • In 2019, British Airways was fined £183 million for a data breach that occurred in 2018. The breach impacted 380,000 customers/public authorities.
  • In 2018, Facebook was fined £500,000 for its role in the Cambridge Analytica scandal.
  • In 2018, Marriott International was fined €110 million for a data breach that impacted 500 million customers under certain circumstances.
  • These are just a few examples of the GDPR breaches and fines that have been levied since May 2018. The GDPR allows for massive fines of up to €20 million or four percent of global turnover.
documents 1 1

Assessments

Develop an understanding of
your environment to manage
cyber risk effectively

Mask group 18

Security Compliance

Achieve security compliance (PCI DSS,
ISO 27001, GDPR, Cyber Essentials)
while demonstrating your strong commitment to data security

Mask group 17

Managed Security Services

Outline safeguards to limit/contain the impact of an incident

Dark Shadow

One of the trusted penetration testing companies in the UK

Contact Us Today!
Dark Shadow

Pen Testing

Solutions

CBYER SECURITY Managed services

Company

Contact

Manchester
F1, Kennedy House,31 Stamford St, Altrincham WA14 1ES

London
71-75, Shelton Street,Covent Garden,London, WC2H 9JQ

Email/Call

Follow us on

Twitter Facebook Linkedin

Securing your cyber sphere

New Project (15)
New Project (14)
New Project (13)
New Project (12)
New Project (11)
New Project (10)

© 2023 CYPHERE All Rights Reserved.

Scroll to Top