What is Personal Data

Personal data covers any information that can identify an individual, directly or indirectly. It includes obvious data such as names, addresses and email addresses, but it also extends to information such as online identifiers, photographs and location data to reflect changes in technology.

Key GDPR principles for processing personal data

  • Accountable – must be responsible for and demonstrate compliance with the other principles
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  • Kept in a form which permits identification of data subjects for no longer than is necessary
  • Processed lawfully, fairly and in a transparent manner
  • Adequate, relevant and limited to what is necessary
  • Processed using appropriate technical or organisational measures
  • Accurate and, where necessary, kept up to date


One Compliance specialise in information security and compliance consultancy. We offer a wide range of services to support your organisation in maintaining compliance with Data Protection Legislation. We always tailor our services to meet the individual needs of a business - no matter where you are in the process, our technical team can provide total support to you and your team.

Privacy Gap Analysis

Our Gap Analysis service will help you assess your current compliance with UK and EU GDPR and identify any areas which need urgent attention.

Privacy Impact Assessment

A Privacy Impact Assessment will help you identify and minimise any potential data protection risks when introducing new processes or systems to a business.

Process and Data Mapping

Mapping the process of data will help you to understand the flow from one location to another. It can also help to describe the flow and identify unintended uses.

Project Management Support

We’ll manage your project each step of the way. Our expert technical analysts will advise on the best routes to take to comply with relevant data protection legislation.

Policy Review & Packages

We’ll review your existing data protection policies and ensure that all your processes are in line with the aims of data protection legislation, to make your environment more secure.

General Remediation Work

Remediation work aims to minimise any current risks for data breaches to within acceptable risk levels creating a safer and more secure environment.

Appoint a Data Protection Officer (DPO)

A DPO is responsible for monitoring a business’ data protection governance, informing the relevant people about impact assessments, as well as acting as the main point of contact for data protection issues.