What is GDPR?

Protection and confidentiality of data are the most pressing problems that need to be solved by any organization. Previously, the EU countries used different standards in this area, but with the announcement of the General Data Protection Regulation (GDPR), the data protection rules will be extended and standardized throughout the European Union.

The GDPR was published on May 4, 2016 and will enter into force on May 25, 2018, after a two-year transition period. Legislation applies to all organizations operating in the European Union and processing personal data of EU entities.

Non-observance of the legislation threatens with huge fines of up to 20 million euros or 4% of the total annual world turnover (the largest of these two indicators is taken into account)


Under GDPR, how long do you have to respond to a Data Subject Access Request?


What is the UK's supervising body for Data Protection?


Data Subjects now have the right to have their personal data deleted. This is known as...


If there's a data breach, how quickly should it be reported to the supervising authority?


Race, political views and religion. What type of data is this?


Any data that is already in my system before the 25th will not be subject to GDPR


Under GDPR, all data collected for people under 18 will need parental consent


What are the penalties for non-complaince with GDPR?


How much can I charge for a DSAR (Data Subject Access Request)?


Once you have someone's data, can you use it any way you like?


Excellent, your result is:

Not bad, your result is:

Your result is:


this estimate is only an illustration and can not replace professional advice on the spot. Pay attention to the following notifications.

How can softum simplify compliance?

We offers comprehensive solutions, services and experts that will help you move to a work model in accordance with the GDPR guidelines.
There are five key aspects that need to be addressed.

The requirements of the GDPR must be expressed in specific actions, norms and figures. Determine which indicators need to be measured, whether they indicate effectiveness and how they can be improved.
Staff and Exchange of Information
Teach employees to comply with the requirements of the GDPR. They must understand the risks and possible consequences of misuse of data.
Study your processes: will the impact of the GDPR affect them, what is the scale of the impact and how to make the necessary changes.
Check the quality of the data, learn what data you have and what they are used for, and consider all possible interactions with individual customers, large customers and third-party companies.
This is very important for ensuring the transparency and formation of a trust relationship, which are necessary under the terms of the GDPR.
Protection of fundamental rights to confidentiality (including the security and confidentiality of personal data, as well as ensuring the lawful use, notification, authorization, selection, access, correction, removal, etc.)



The GDPR includes not only the provision of information security, data management and employee training. The entry into force of this document has complex, far-reaching consequences and consists of many components affecting the organization from various sides at all levels.

At the same time, the GDPR is the most relevant at the moment, but it is by no means the last normative document, so a good information management program and technical base are needed for successful work. It is necessary to use a comprehensive approach that takes into account all aspects.

The valuation system developed by us can provide invaluable assistance to those companies that have already started adapting to the requirements of the GDPR, and those companies that are just preparing to take the first steps in this direction. Evaluation begins by identifying the main parties involved in the GDPR process within your organization in each area that you need to pay attention to. This is done with the assistance of an employee responsible for ensuring the confidentiality of data in your organization (you may already have a separate data privacy specialist). Involved persons can include representatives of the human resources department responsible for informing, training and data on employees, representatives of the marketing department responsible for protecting customer and brand data, and IT security specialists. It will be planned to conduct interviews and seminars with all interested parties.

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.

The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability.
Softum does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

Want to get in touch with us?