The EU General Data Protection Regulation

On the 25th of May 2018, the European Union General Data Protection Regulation (EU GDPR) came into force. The aim of the GDPR is to protect the personal information of EU citizens and make it easier for organizations to understand and comply with data protection rules.

The legislation affects all organisations processing personal information or offering goods and services to people within the EU, even if your organization does not have a location in the EU. Cases of non-compliance will be treated with significant financial penalties; 20 million Euros or 4% of your worldwide annual revenue.

GDPR deadline calendar icon

GDPR key points

Privacy: An individual’s personal information such as name, email address, financial or medical details, and even IP address, must be safeguarded in all products and services.

Data Custodianship: Personal information must be traceable through an organisation; How the information is collected, stored, processed and accessed must be known. Additionally personal data may be retained for only as long as an organisation absolutely needs it. Once that data is no longer needed, the regulation requires that the data should be destroyed or anonymized.

Consent: Organisations must gain consent to use and process an individual’s personal information. It must be clearly communicated to the individual what their information is going to be used for.

Right To Revoke: Individuals can revoke their consent for an organisation to use their personal information. They may also request for their personal information to be deleted.

Breach Notification Requirements: Along with the requirements around keeping users’ information safe, the GDPR also includes binding and rigorous data breach notification rules.

LINQ – GDPR the easy way

LINQ is an information flow modelling tool that can be applied to your GDPR challenge immediately.


Personal data

Easily trace the use of personal data within your organisation with upstream and downstream flow modelling.

Storage location

Discover where personal information is processed and stored, mapping which of your systems are subject to GDPR.

Collection, usage and disposal

Identify information collection (who or what collected it), usage (for what purpose) and disposal (what is its lifetime).

Trust boundaries

Record when and to whom personal information is transferred out of your organisation.

Risk management

Identify potential risk areas by visualising your organisation’s information flow.

Faster capture time

You don’t need specialist skills to start modelling information flow to understand how your business currently operates.

See LINQ in action

Capturing the relationships between actions, information, systems, and people, you will have access to insights about how personal information flows through your business.

a LINQ sketch relating to GDPR and annotated with additional details

Additional Resources

The EU GDPR Website

An easy to read version of the GDPR text from Intersoft Consulting

Small business Data Protection Self-Assessment from the Information Commissioners Office

In Australia or New Zealand? Need to know what GDPR means to you? The Contract Company has a resource for you here.

LINQ does a lot more than support GDPR

To understand more about what LINQ can do for your business, read about our benefits.

Interested in LINQ?
Start a conversation with our team today.