Skip to main content

Average Time To Become GDPR Ready Is Up To 12 Weeks Or More!

By 17th October 2017Cyber Security, GDPR3 min read

GDPR 25th May 2018!

Do you hold personal information of Employees, Suppliers and Customers? Are you wondering where to go and what to do about GDPR?

For GDPR breaches will incur fines of up to €20 million (or 4% of company turnover) and for breaches of the DPA fines of up to £500,000 can apply.

With the deadline looming and the average time frames required to work towards compliance being 12 weeks.  NOW is the time to begin the process!

Our consultants are Cyber Essentials Certified Assessors,ISO 27001(information security standard) and ISO 22301 (business continuity standard) auditors.


Our Holistic approach to DPA and GDPR compliance is to firstly conduct an onsite workshop with relevant HR, Sales and Marketing and IT representatives within an organisation. The workshop is conducted by a senior Holistic Data Protection consultant and the session is used to understand what type of personal information is gathered, why it is gathered, how it is processed and how data subjects are kept informed of the information that is held and their rights relating to that data.

The Data Protection consultant will then produce a report highlighting the gaps between the company’s current Data Protection practises when benchmarked with the DPA and if required, the GDPR. The consultant can present the report to board or senior management teams to discuss how gaps can be prevented and mitigate any Data Protection compliance risks that the company is exposed to.



  • Identify current activities that are regulated by the DPA and GDPR
  • Ensure that the personal data being gathered is justifiable
  • Ensure that personal data is being processed correctly, when relating to the justification
  • Securing personal and sensitive information
  • Handling requests for information and understanding data subject rights
  • Controlling access to personal information
  • Ensuring that adequate levels of transparency and privacy are in place
  • Ensuring accuracy and currency of information
  • Training and awareness relating to Data Protection compliance
  • Breach management
  • Main distinctions between the DPA and GDPR


Typically the Data Protection workshop will take one day, with the report taking 2 days dependant on the size and complexity of the organisation in terms of their Data Protection exposure.



Marathon’s Information Security practice offer a number of valuable certification and enablement services including:

  • Cyber Essentials Enablement
  • ISO 27001 Auditing
  • ISO 22301 Auditing
  • Information Security Reviews


If you would like to book an initial FREE consultation, please get in touch!