Skip to main content


With the introduction of the General Data Protection Regulations (GDPR) on the 25th May 2018, companies have a general obligation to implement technical and organisational measures to show that we have considered and integrated data protection into our processing activities.

What does GDPR apply to?

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. 

What constitutes personal data?

A wide range of personal identifiers constitute personal data, including:

  • Name
  • Identification number
  • Location data
  • Online identifier


The consequences of failing to comply with GDPR are significant.

Failing to notify a breach of personal data when required to do so can result in a significant fine up to 10 million euros or 2% of our global turnover.

What is a personal data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.

Ahead of the deadline, Murray has completed the six steps in the GDPR Roadmap to ensure 100% compliance to the new data regulations.