Data Protection

Be fully compliant and protected

Before GDPR, data protection was a fairly simple exercise, ensure the systems are secure, limit access to those who need it and encrypt if possible, and don't keep data indefinitely.

After GDPR, this is now a minefield with a significant number of companies not fully compliant. Becoming compliant isn't hard, but understanding exactly what the path to compliance is, is. At GEN we've lived the GDPR journey since its inception in 2018 and as a 'data processor' we must of course be fully compliant.

Hero Image

Process Compliance

The biggest issue with GDPR is that the legislation was written by lawyers and politicians, not business owners. The language is terrible, its often contradictory, and its meaning is often unclear. That being said, when you've worked with it for a while it becomes much easier to implement and comply. Our consultants are experienced in GDPR and data protection as a whole and will be able to quickly identify any area's of non-compliance and suggest solutions. Please consider reading our Blog post about GDPR and Cloud Hosting.

Systems Compliance

If you store personally identifiable information, then you MUST take all reasonable steps to protect it. This means, from a systems point of view that you need to employ encryption and ensure that your computer systems are secure from outside threats. Having a data breach, no matter how small can be a business-ending event, and GEN can provide a full complement of security analysis and penetration testing services to plug up any weaknesses in physical or network security. We can also provide user training, and regular user testing to ensure that your staff are taking security seriously.


There is no requirement in the UK to be audited for GDPR compliance, but some companies feel that an audit of their processes makes sense to comply with other regulation such as BSI9001 or PCI-DSS. We are more than happy to provide an audit of your processes and highlight any weakness or areas of possible improvement.

Subject Access

GDPR gives the general public some reaching powers to request access to their data, make updates, have it removed (withdrawal of consent) and more. You must comply with these requests if they are made, and the penalty for not doing so can be severe. We have a series of software systems that allow people to 'self-serve' these functions, easily integrating with your existing systems and processes.

Version 1.009  Copyright © 2024 GEN, its companies and the partnership. All Rights Reserved, E&OE.  ^sales^  0115 933 9000  Privacy Notice