The Drummond Group


The Global Data Protection Act (GDPR) becomes effective on May 25, 2018. Organizations across all industries are working to close the gap toward GDPR compliance and to understand the impact the law has on their business and risk management processes.

The Drummond Group has assembled a number of resources to help you, including webinars, prep guides, and industry experts who are on call for you. We have several clients that have turned to us for assistance, and we can help you too.

Quick Facts

  • GDPR will impact you if you have EU customers or employees.
  • GDPR adds “the right to be forgotten.”
  • It requires breach notification within 72 hours of detection.
  • You must name a Data Protection Officer.
  • If affected, you must review your privacy practices and update notices.
  • You must know where data belonging to data subjects resides and protect that data.
  • Penalties for non-compliance range from 4% of annual revenue to approximately €20M.

Service Types

GDPR Gap Analysis & Readiness Assessment 

A gap analysis service based on interactive interviews and process review. Using our cybersecurity expertise, our CCSFP or CISA certified analysts will recommend actionable steps to resolve any identified gaps. At your direction, we will review these actions with legal counsel.

GDPR Advisory Services

Once gaps are identified, our team can update your policies and procedures. These changes will be accompanied by a well-honed plan to implement the new policy within your company’s particular situation. Whether you need changes in breach notification, breach communication, third-party assessments, or assistance with data protection officer roles and responsibilities, we can help.


As the second-longest serving HITRUST assessor, we are able to provide HITRUST certification services that include GDPR controls. Not ready for HITRUST? Our GDPR analysts can help you get there!

Speak with an assessment advisor today!
