We’ve detected that you are using an outdated browser. This will prevent you from accessing certain features. Update browser

The General Data Protection Regulation (GDPR)

GDPR is the biggest development in data protection law this century.

Lloyd's Register has a range of General Data Protection Regulation (GDPR) services to help you prepare for compliance with the new law when it is applied in May 2018.


The GDPR will increase safeguards for individuals and making organisations more accountable for how they use our personal data. The GDPR brings data protection to the forefront of your organisation's processes; whether you handle personal information relating to your customers or employees, GDPR will have an impact on the way you work.

The European Parliament approved the General Data Protection Regulation (GDPR) [Regulation (EU) 2016/679] in April 2016 and it will apply from 25 May 2018. It will strengthen data protection for all individuals within the EU regardless of where the data is held. It builds on existing regulations to improve consistency and the safeguards in place.

While the eye-watering fines have grabbed headlines in the business press, the GDPR offers organisations opportunities to streamline processes, develop their employees and build trust with consumers.

What we offer

LR recognises that every organisation is unique. The impact of the GDPR will depend upon the complexity of your organisation and the maturity of your management system.

At LR, we take time to understand the needs and unique circumstances of our clients and their businesses, to act with judgement, sensitivity and care. Our independence means that we’re committed to doing things the right way to reach the highest standards and best outcomes for all, giving our clients confidence in our decisions every time.

In the information security and data protection arena our services cover both training and assessment including:

  • The GDPR Briefing gives an introduction to the principles and concepts found in the GDPR.
  • The GDPR Foundation course explains the implications for your organisation and the steps to take to become compliant.
  • Data Protection Officer (DPO) training helps DPOs prepare for the requirements and responsibilities of their new role.
  • GDPR readiness assessment and gap analysis.
  • Data mapping and classification.
  • We can carry out Data Protection Impact Assessment (DPIA) on your behalf and we can provide DPIA training that gives practical guidance on how to conduct DPIA within your organisation.
  • GDPR controls assessment and attestation.
  • Data protection and information security onboarding via eLearning.
  • Training, Gap Analysis and Certification for ISO 27001 (information security management), ISO 22301 (societal security – business continuity management systems) and BS 10012 (personal information management system). 

Demonstrating compliance through Management Systems
Lloyd's Register (LR) delivers a range of training and certification services for ISO 27001 – the international standard that sets out the requirements for establishing, implementing and improving an information security management system (ISMS) within the context of the organisation. It provides a best practice framework to identify, analyse and implement controls to manage information security risks and safeguard the integrity of business-critical data. 

At present,the GDPR does not mandate third-party certification. However, there is alignment between the requirements of ISO 27001 and the GDPR in terms of how organisations should manage their information security policies, controls and processes. Achieving certification to ISO/IEC 27001:2013 demonstrates a commitment to meeting the requirements of the GDPR – demonstrating both compliance and accountability.

A wide range of assurance services
Don’t let your assurance journey stop with data protection and information security; at LR, we deliver certification, validation and verification assessment services to all of the world’s leading standards and schemes including quality, health and safety, environmental, sustainability, energy management, business continuity and many more. 

What are the benefits?

Build a culture of privacy and trust in your organisation
Regulators are not likely to look favourably on organisations that have made no effort to prepare for the GDPR. The maximum fine for failing to comply – for example using personal data without consent or failing to protect personal data – is up to 20 million EUR or 4% of global turnover for the previous year – whichever is greater. Data subjects will also be able to claim compensation from the controllers or processors who break the law for the damage they have suffered.

The GDPR provides an opportunity to transform your organisation’s culture and processes to be more customer-centric and streamlined. Culture change needs to be led from the top to role model the new practices and behaviours that will create a ‘culture of privacy’.

All organisations are in the same boat, so if you take a proactive approach, you can create an early mover advantage and promote your approach as a clear signal that you respect your customers’ individual rights. Reducing the risk of fines or other sanctions and protecting your brand.

“If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”
Elizabeth Denham
UK Information Commissioner

The GDPR introduces the concept of data protection by design and by default. This is an approach that promotes data protection and privacy from the start of a project. This makes it easier to identify and address potential issues and raises awareness of data protection within the organisation. The GDPR requires organisations to consider appropriate technical and organisational measures and integrate data protection into their processing activities to minimise the amount of personal data collected, the extent of processing, the storage period and accessibility.

Why choose LR?

LR’s technical experts have been at the forefront of international standards development and involved in ISMS assessment, certification and training for many years. 

Our high-profile clients in the finance, telecoms, software, internet, consultancy, justice and government sectors trust LR to deliver high quality, consistent and impartial assessments. 

Our assessors are qualified professionals with sector-specific information security and IT experience whose objective view will give you confidence in your own security measures aligned with industry best practice.

Your business helps LR to help others
The profits we generate fund the Lloyd’s Register Foundation, a charity that supports engineering-related research, education and public engagement around everything we do. All of this helps us stand by the purpose that drives us every single day: working together for a safer world.

Want to know more about this service?


Who we work with

We help businesses across dozens of sectors push forward and achieve like never before. How can we help you?

See more case studies

Looking for a bespoke service or solution?

Hit enter or the arrow to search Hit enter to search

Search icon

Are you looking for?