DIY GDPR Compliance System Toolkit

R9,989.00 incl. VAT

All documents are in editable Microsoft Word and Excel format.

The Gintan Luthuli Associates DIY GDPR Compliance System will assist your organization to meet the legislative requirements of the GENERAL DATA PROTECTION REGULATION efficiently and effectively. The system documents and templates include 12 months of updates and support. The GLA system allows you to update policies and procedures enabling GDPR compliance fast. 

Gintan Luthuli Associates have developed a legislatively based DIY GDPR system with editable templates and guides enabling your business to benefit from our years of Risk Management expertise and put you in control of your business compliance easily, expertly and in in an understandable way that you and your employees can easily follow. The system includes training and awareness modules which decrease risk and change employee behaviour without the necessity of changing your existing business services and structures.

If required, GLA can assist organisations with implementation.

GLA can arrange the legislatively required representation in the EU through our channel partners in the EU for all EU States.

Call (+27) 082 852 5113/ (+27) 072 625 4599 and speak to one of our consultants.

R9,989.00 incl. VAT

What is GDPR?

GDPR refers to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

This legislation regulates the “Processing” of “Personal Information”

“Personal Information” means information relating to an identifiable, living natural person or juristic person (sole proprietors, companies, CC’s etc.). This includes, but is not limited to:

  • contact details: email, telephone, addresses etc.
  • age, sex, race, birth date, ethnicity etc.
  • history regarding medical, blood type, employment, financial, educational, criminal, biometric information
  • private and business correspondence


“Processing” means what is done with the Personal Information collected, including, usage, storage, dissemination to 3rd parties, alteration or deletion (whether such processing is automated or not).

Personal information is an asset

For most businesses, personal information is an asset. Whether central to their services or only used for marketing, there is value to having quality personal information (which is a condition of lawful processing) and is secure (another condition of lawful processing). The loss of or damage to this asset results in loss of trust, reputation and can lead to loss of profit.

Some GDPR obligations are to:

  • Collect only information required for a specific purpose
  • Apply security measures to protect the information
  • Only hold the information for as long as you need it
  • Allow the subject of the information to see their data held upon request


When will I be affected by GDPR? Does GDPR really apply to me?

Compliance with the EU GDPR regulations is mandatory for most organisations in the EU. GDPR makes it illegal to collect, use or store the personal information of consumers and businesses unless it is done in accordance with the laws and regulations as prescribed in the GDPR

The GDPR was signed into law in May 2018. The provisions are consistent across all EU member states.

Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU. Specific criteria for companies required to comply are:

  • A presence in an EU country.
  • No presence in the EU, but it processes personal data of European residents.
  • If Information is collected by you in RSA from EU citizens or EU residents their GDPR (General Data Protection Regulations) came into effect on the 25th May 2018 and may affect what you do with any information collected
Share This