Skip to Main Content


The EU General Data Protection Regulation (GDPR) came into place on the 25th May 2018 and replaced elements of the current Data Protection Act 1998. This regulation created new legal obligations which have a significant impact upon the way in which organisations handle personal data. 

How is my organisation affected?

All companies operating in the UK which process personal data must comply with the regulation.

Unlike the Data Protection Act the controls, under the GDPR has an impact on both ‘controllers’ and ‘processors’ of personal data.

The GDPR introduced new rights for individuals such as the Right to be Forgotten and the Right to Data Portability, these rights need to be integrated into the operational controls administered by data processors and controllers.

The regulation also introduced mandatory breach reporting to the ICO and the Data Subject. Fines for breaches of the GDPR are also now to be considerable in monetary value.

The ExamWorks Investigation Services approach to information security

In 2014, the ExamWorks family of companies in the UK embarked on a project to re-engineer its businesses, so that data security became a fundamental part of every process. We chose to pursue the internationally recognised ISO 27001 certification to demonstrate our commitment to information security and continue to set the standard in our industry as the market leaders.

In 2016 we achieved certification against the ISO 27001 standard across our sites at Bolton and Durham, providing customers with complete assurance of our commitment to protect all data.

Download our GDPR guide below....