Personal data and GDPR: handing over the “car keys” with confidence


What is GDPR, why should you care and how can AXELOS’ RESILIA™ best practice help you manage it? ITSM consultant and trainer Stuart Rance has addressed these critical questions in AXELOS’ “GDPR: Beyond Compliance” White Paper.

Handing over personal data to an organization is like lending your expensive sports car to a neighbour and trusting them to keep it safe and sound.

You’d want to know your neighbour respects and values your car, that it won’t fall into the wrong hands or be used the wrong way. In fact, you’d probably demand some guarantees before handing over the keys!

In today’s world, where organizations ask us repeatedly to disclose and share personal details online, we should have the same level of concern for our personal data – and so should organizations.

The analogy of borrowing a car and managing data is a great way to illustrate the issues every organization faces in handling personal data when the new EU-wide GDPR regulations come into force on 25 May 2018.

This means that sharing personal data with organizations is no longer just a trade-off for consumers to get access to better services; it compels companies in law to take real responsibility for obtaining permission, respecting individual privacy and protecting data.

Failure to meet the new GDPR regulations, or suffering a data breach, can lead to hefty sanctions including financial penalties of up to 4% of an organization’s worldwide turnover. The stakes are high, so it is vital that data protection procedures are robust.

A new downloadable guide – GDPR: Beyond Compliance – from AXELOS shows how a strong cyber resilience strategy is integral to managing data protection.

The guide highlights how RESILIA Professional Certified training within organizations will give management and staff an understanding of the procedures or activities needed to meet the GDPR challenge, including:

  • Identifying what personal data your organization holds, why and where it is
  • Building in the concept of data privacy from the outset
  • Creating common approaches to data governance
  • Devising policies and ensuring compliance
  • Risk management
  • Being prepared for audits.

Under the new regulations, it is necessary for organizations to show there is a formal GDPR management system in place to protect the data. RESILIA’s practices for ITSM and information security procedures provide a template to produce these records when required.

RESILIA’s governance, risk and policy management guidance also provides a framework to meet GDPR compliance by identifying where staff training, especially from IT, legal or HR departments, is needed so that they all understand the importance of managing personal data.

GDPR also presents business opportunities. Knowing exactly what data you have, and where it is held, enables you to better understand your customers. The data can be used to develop and deliver more targeted goods and services and secure a vital competitive advantage.

So, no matter the personal data you hold, GDPR ensures that you protect it by having the right policies and procedures in place. It is just like when you hand over those car keys to your neighbours. They become the car’s custodian and you expect them to be responsible and keep it safe and secure.

Download AXELOS’ “GDPR: Beyond Compliance” White Paper.

GDPR: Beyond Compliance webinar

Listen to the audio of our webinar with Stuart Rance and Dan Cole, RESILIA Future Portfolio Lead, who discussed how utilizing the RESILIA Cyber Resilience Best Practice guidance and the RESILIA Professional certification can help you prepare for GDPR.

Register for the webinar details

More Information:
Visit to find out more information on RESILIA and the rest of the portfolio.
You can also request a live demonstration of our RESILIA Frontline cyber security awareness training by visiting

Make your people your greatest defence against cyber-attacks today!



24 Feb 2018 kai zen
Thanks for your sharing. Hope you can contribute more quality posts to this page. Thank you!
26 Jun 2019 Kyle Kyle
At the first electric car, the creation of which was announced by the Dutch startup Lightyear, orders are accepted, although the serial car will come off the assembly line in 2021. Car show to the public was held on the morning of 06/06/2019 in the town of Katwijk. The startup created a group of enthusiasts in 2016, which previously collected electric cars for the Bridgestone World Solar Challenge competition, where only cars powered by the Sun could compete. Lightyear participants managed to become champions 3 times: in 2013, 2015 and 2017. As a result, the team members decided that the accumulated experience would be suitable for the development of commercial or used vehicles carzaamin(.)com. In the design of the machine - solar panels, which covered the entire horizontal surface of the body. Their total area is 5 square meters. Solar panels are protected by a special coating, the strength of which is beyond doubt, since it can withstand the weight of an adult. The body itself is optimized in aerodynamic terms. Anyways, thanks for sharing the nice piece of stuff with us.