Data protection/EU GDPR compliance

Before the GDPR (General Data Protection Regulation), all EU member states were governed by their own national data protection laws. In Belgium, this was de Privacywet, which was implemented on 8 December 1992 and derived from the 1995 DPD (Data Protection Directive). The GDPR has changed this, providing one overarching law for all EU member states.

The Regulation has introduced two major changes:

  • Increased rights for data subjects – who have the right to seek judicial remedies against any organisation processing their data, as well as the right to obtain compensation for damages caused by GDPR breaches.
  • Significantly increased administrative fines for non-compliant organisations (up to €20 million or 4% of annual global turnover, whichever is greater).

Accordingly, the Wetsontwerp tot oprichting van de Gegevensbeschermingsautoriteit was promulgated on 23 August 2017 to reform the Commissie voor de bescherming van de persoonlijke levenssfeer (now known as the Gegevensbeschermingsautoriteit), giving it new enforcement and investigative powers.

It is therefore vital that organisations take the GDPR seriously and make every effort to comply. IT Governance can provide everything you need for your GDPR compliance project. 

Information on the EU GDPR, and Data Protection

GDPR information

For general information about the GDPR, visit our dedicated GDPR page.


Our free webinars cover a range of topics, including the GDPR.

Green papers

For more in-depth information about the GDPR, browse our green papers.

Products and services

To comply with the GDPR, data controllers must “implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation”. These measures must include appropriate data protection policies and adherence to codes of conduct or management systems certification. 

The starting point for all organisations seeking to demonstrate that they have implemented these measures should be an ISO 27001-compliant ISMS (information security management system). We’ve been helping organisations implement ISO 27001 for more than a decade, and have led more than 400 certifications to date. What’s more, we guarantee certification.

Here are a few ways we can help meet your GDPR compliance needs.


IT Governance’s publishing arm, ITGP, provides a wide range of IT GRC books, pocket guides and implementation manuals to assist you on your compliance journey, including the bestselling EU GDPR – An Implementation and Compliance Guide.

View our full range of data protection and GDPR books >>


The GDPR encourages the adoption of certification schemes as a means of demonstrating compliance. With years of experience of information security management and data protection projects, our consultants are well placed to assist you.

Documentation toolkits

Creating documentation for a management system can be difficult. Our documentation toolkits contain fully customisable templates that have been written and field-tested by our consultants.

  • EU GDPR Documentation Toolkit

    This toolkit provides the customisable documents, policies and procedures essential for any organisation looking to achieve GDPR compliance.

  • ISO 27001 ISMS Documentation Toolkit

    Accelerate your ISO 27001 project with expert guidance and customisable documentation created by ISO management system practitioners.

Penetration testing

Penetration testing is an essential step for any organisation seeking to demonstrate appropriate security of its systems. Regular penetration testing enables you to proactively identify and remediate any exploitable vulnerabilities in your organisation’s Internet-facing applications and infrastructure.



vsRisk, the industry-leading ISO 27001-compliant risk-assessment tool, can save hours of work for organisations wishing to demonstrate compliance with an ISO 27001 risk-based approach.



Our experienced data protection consultants deliver GDPR training sessions that are built on our extensive practical experience advising on data protection compliance and information security management.

  • Certified EU GDPR Foundation Training Course
    • One-day course.
    • Provides a comprehensive introduction to the GDPR.
    • Covers the implications and legal requirements for EU organisations of any size.
    • Successful candidates will gain the EU GDPR F qualification from IBITGQ.


  • Certified EU GDPR Practitioner Training Course
    • Four-day course.
    • Provides an in-depth examination of the Regulation, including implementation requirements, necessary policies and processes, and the essential elements of effective data security management.
    • Successful candidates will gain the EU GDPR P qualification from IBITGQ.


Both courses are available in classroom, Live Online and distance learning formats.

Speak to an expert

Please contact our GDPR team for advice and guidance on our products and services.