What is GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a European Union (EU) regulation intended to strengthen and unify data protection for all individuals within the EU as well as addressing the export of personal data outside the EU. EU GDPR becomes enforceable from 25th May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by national governments and is thus immediately and directly binding and applicable.

One of the primary objectives of the GDPR is to give control back to citizens and residents over their personal data – eg consent, the right to erasure and subject access requests (SARs) – and to simplify the regulatory environment for international business by unifying the regulation within the EU. GDPR will significantly transform how personal data (noticeably digital data) is initially received, processed, retained and shared. Organisations are required to make changes in their policies, processes and contracts, as well as in technical and organisational compliance measures, to demonstrate and sustain compliance.

Failure to comply can result in significant financial penalties such as 4% of previous year’s annual global turnover.

Our Approach to GDPR

AiM applies a four-phased methodology to delivering an EU GDPR compliant roadmap to organisations:

  • Phase 1 “Discover” – This involves a Data Protection Officer (DPO) focused readiness review to discover all current aspects of the personal data (PD) model, Personal Information Management Systems (PIMS), data flow lifecycle, management and protection of data, and to identify any gaps in compliance with the clauses of the Regulation.  Key outputs are data inventory and data map
  • Phase 2 “Execute” – This involves executing the actions and IT system technology required for gap closure, ensuring sustainable and continuous compliance and management of the data lifecycle. May comprise relevant policies, processes, standards, data protection impact assessments, data incident management, SARs, regulatory roles/responsibilities (eg DPOs) and training
  • Phase 3 “Comply” – This involves embedding all aspects of data protection through “data protection by design and default” governance and full application of the compliance model
  • Phase 4 “Act” – This involves organisational checks to ensure PD data management and breach protection is working effectively and to take action where it is not. Also to review and implement changes to the compliance model arising from revised guidance or changes to EU GDPR.  Finally to monitor and act upon new technology/trends that may impact PD and wider data protection.

We can deploy and configure all the necessary tools to help ensure continuous GDPR compliance.

Our GDPR Services

Phases 1 and 2 of the roadmap will deliver an EU GDPR compliant model to an organisation.  Phases 3 and 4 will ensure it embeds and works effectively in live operation.

AiM can provide expert support to an organisation at any and all stages of the GDPR compliance lifecycle.   In particular we provide:

  • Discovery reviews to understand scope of GDPR compliance implementation, and after implementation to check that GDPR compliance continues to work correctly;
  • Qualified compliance lawyers with expert knowledge of the GDPR regulations and wider corporate governance demands;
  • IT solutions to locate, identify, classify and protect all data – personal and non-personal – implement and maintain data inventories, data maps and to ensure all other requirements of GDPR compliance operate and are tracked effectively; and
  • Interim Data Protection Officers who can provide a cost-effective solution for organisations not wishing or unable to appoint full time roles.
  • Training for managers implementing GDPR compliance, for new data protection officers, and for employees required to understand their role in the new regulations

Our IT system solution architecture for achieving GDPR compliance is shown in the diagram below:


Read how our compliance, cleansing and integration tool, DataBelt®, can help you understand and manage your data for GDPR.

To see a DataBelt®, demo today contact us at

To find out more about our GDPR services, email us at

To find out more about about our GDPR training courses, please click here.