Not sure if you are aware, but Wimbledon aka Tennis is about to arrive in the UK – July to be exact!
Tennis appears to be a game in which 2 or 4 players strike a ball with rackets over a net stretched across a court. It seems it originated in France during the 1100-1200s and was called “jeu de paume”, meaning “game of the palm”.
It also seems that everyone should know the basics of tennis – i.e.
- One player hits or serves the ball from a corner
- The tournament racket size should not be more than 29 inches in length
- The official tournament balls must be yellow
… er I hold my hands up to not knowing these basics!
So now that you know the basics of Tennis, do you know the basics of what to initially focus on for General Data Protection Regulation (GDPR)?
If you are not sure, then below is something I tend to do when beginning a GDPR journey with a client – do the steps sound familiar?
- Do a Health Check/Gap Analysis of your organisation – how can you safeguard data if you have no idea what/where it is?
- Do a Data Flow exercise and record it, either as a process flow or in a document format. This will help you identify how Personal Data flows through each department within your organisation, so make sure you assess the inputs, processing and outputs. This could take a while depending on how complex your organisation is
- Review the current policies and procedures in place to see if they mention/deal with Data Protection/GDPR
- Create a Risk Register if nothing exists already and populate it with any Data Protection/GDPR findings from your Health Check/Gap Analysis/Data Flow exercise – make sure there are action owners and target dates to work to!
- Create a Record of Processing Activities (RoPA) document and populate from the findings of the Data Flow and analysis conducted
- Create any missing mandatory documents that an organisation may not have in place – some examples being Subject Access Request Process, Legitimate Interests Template, Data Retention Policy, Data Protection Policy, Data Breach Notification process.
The above helps me with a client so both sides are clear regarding the basic starting point of GDPR, so there is no hitting the ball back-and-forth over the net (see what I did there!).
Understanding the background and the basic rules in Cyber security (and Tennis) is clearly important. If we don’t understand what the objectives are and/or how the game is played, then we are clearly going to lose. Then it’ll be Game, Set, and Match. Game over.
If you want assistance in assessing your business, then why not have a chat with The Agenci? We are super nice and will gladly work with you through the Data Protection/GDPR process.
Agenci Information Security is responsible for protecting businesses from cyber threats, cyber-attack, internal threats and business outages. Agenci Information Security ensures clients’ systems are secure and provides peace of mind through a range of proven specialist information security solutions.
Please contact us here to speak to a member of our team.