top of page



In the world of compliance, the General Data Protection Regulation (GDPR), implemented into EU law in May 2018, was the biggest news of the past 20 years. The regulation underscored attempts by the European Union (EU) to create a comprehensive legal framework for the protection of data of European citizens both within and outside of the EU and the European Economic Area (EEA).

What that means in practice is that any company processing or transferring data from European citizens needed to comply with certain privacy regulations. Even if your business is based in the USA or elsewhere outside of Europe, if you are processing or transferring data from EU citizens you need to be compliant.

Within the GDPR, there are seven principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability. 


Essentially, these mean that companies should only collect and store accurate information necessary for whatever purpose (e.g. delivery or payment information), with permission from the user, for a limited period of time, on secure servers. Someone should also be ‘in charge’ of the data ─ the Controller ─ and therefore accountable for its use.

Putting GDPR into practice, however, has caused a headache for many businesses. Software ─ whether discrete or SaaS ─ needs to be written to follow specific rules, yet those rules potentially change depending on region. There is also the question of how to manage data previously collected.

The Thread Technology team are well-versed in solving these challenges. We incorporate advice from the EU and British Governments, experience working with companies in both the EU and USA, as well as our technical expertise to ensure that every IT project is fully compliant with GDPR as well as any other relevant regulation.

Get in touch today to find out how we can help keep you compliant.



bottom of page