No matter where they're headquartered, multinationals will have to be GDPR compliant to trade with the EU


Specialised GDPR services for Multinational organizations


Privacy regulations across the world have been increasing in scope and complexity over the last few years, with significant changes having been made in various territories. The European Union’s General Data Protection Regulation (EU GDPR) came into effect May 25th 2018, and of all the data regulations it’s considered the strictest. Crucially, the GDPR also carries the biggest fines if you’re found to be in breach. It is therefore critical that international and multinational organisations are aware of the GDPR facts and how they relate to them.

The GDPR applies equally both to multinational corporations and to smaller non-EU companies wishing to expand into the EU. Non-EU businesses will face several challenges when doing business in the EU. The GDPR applies to them even if they are not based in the EU. The GDPR applies to all processing and all data originating within the EU, no matter who is doing the processing or where that processing takes place.

The scope of the GDPR is effectively borderless – it is the origin of data that matters, not the location of data processors. The only option for businesses that do not want to be bound by the GDPR is to get rid of all their EU customers and users altogether – an impossible proposition and not even a consideration for most.

This presents a unique set of challenges to companies who might not be used to such regulations – but there is no other way but to ensure compliance with the GDPR. Although the challenges posed by privacy regulations scale well with size – with smaller organisations generally having less to do to become compliant – the underlying principles are the same for all.

How do you know if GDPR applies to your organisation?


Do you have customers or partners in the E.U.?
If so, the GDPR definitely applies to you and you need to be compliant to continue working with or supplying those organisations.

Do you accept E.U. currencies?
If you accept these currencies then it can be demonstrated that you are targeting E.U. data subjects.

Are your “Target Markets” E.U. Data Subjects?
Travel and Tourism, Hosting and Data Centres, Software, Cloud Service Providers and E-commerce are some of the hardest hit sectors.

Do you have marketing or a strong web presence written in E.U. languages or using E.U. terms/references?
If you have content written in E.U.-friendly terms or languages then it can be argued that you are actively targeting E.U. data subjects.

How we can help


GDPR123 are compliance experts who can guide you through the process of becoming GDPR compliant so that you can build client confidence, satisfy due diligence investigations, and avoid fines and remedial actions imposed by the Supervisory Authorities.

  • Stage 1 Audit / Gap Analysis
    Your organization will be measured against the GDPR, which will result in a Non-conformity report. This is a clear set of instructions that explains what you need to do to become compliant.
  • Prepare a Legal Register and Documents
    Register an interest in the EU as well as review/supply policies, procedures and plans.
  • Cross border transfers
    Make your organization compliant with the rules on cross-border transfers of PII (Personally Identifiable Information).
  • Prepare a Due Diligence Pack
    Quickly turn around and satisfy Due Diligence enquiries.
  • Cyber Insurance Review
    One advantage many U.S. organizations have over their E.U. cousins is their recognition of the culture of Compensation Claims. 40% of U.S. firms have Cyber Insurance compared to only 0.03% of U.K. organizations.
  • Review Web Operations
    This includes reviewing web-based forms to ensure they are unambiguous and obtain appropriate, affirmed consent.
  • Training and Awareness
    With 8 in 10 data breaches resulting from Human Error, the GDPR requires organisations to implement appropriate organisational measures to ensure the safeguarding of PII (Personally Identifiable Information).  This includes appropriate levels of awareness training.
  • Supervisory Authorities
    EU companies deal with one, their own, but you may have 28, soon to be 27 with Brexit!
  • Dealing with Brexit
    We understand the implications of Brexit and will advise you accordingly as the various stages of Brexit are implemented.
  • 72 Hour Breach Notifications
    It is important to have an appropriate and tested plan in place for data breaches. Failure to have this in place can attract a penalty of between 2% of your global turnover or 10,000,000 Euro (approx. $12m) and 4% of your global turnover or 20,000,000 Euro (approx. $24m). The fines are set at whichever is the greater and are purposely designed to be dissuasive.
  • Handle SARs (Subject Access Requests and Rights Requests)
    GDPR gives Data Subjects human rights in terms of their Data, and with this comes their right to request the Data Controller or Data Processor to undertake certain actions. Failure to respond to a request in time is a breach of their rights and is taken very seriously, so you need to be prepared.
  • Determine and Appoint/Act as a DPO (Data Processing Officer)
    In some cases a DPO needs to be appointed. We will help you determine if you need a DPO or make a recommendation if it would be advisable.



Book your 15 minute consultation and speak to one of our experts who can evaluate your needs, and answer any queries you may have regarding the GDPR.
