Professional, Straightforward Process

So, how does our service work?

The Compliance Journey

  • Step 1: Gap Analysis

    We identify the areas that need improvement.

  • Step 2: Compliance Project

    We work with you to close the gap.

  • Step 3: Ongoing Support

    We provide an outsourced DPO for ongoing support.

  • Step 4: Staff Training

    We deliver comprehensive staff training.

Our mission is to help organisations with privacy guidance and data protection compliance with zero fuss.

We aim to integrate seamlessly with your organisation to provide expert-driven, compliant solutions, enabling you to keep personal data safe and secure so your customers can trust you.

The General Data Protection Regulation (GDPR) applies to every organisation in the UK that handles or processes personal data.

Under GDPR, individuals have increased rights regarding their personal information, including the right to access, correct, and delete their data. Organisations that handle personal data must ensure it is collected legally and under strict conditions, and they are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners.

Off-site pre-assessment

We learn everything about your business and process during an initial off-site assessment.

Department one-to-ones

We hold meetings with department heads to discuss personal data used in their team.

Senior team

Walkabout with a senior staff member to understand the “office floor privacy culture” if required.

Off-site reporting

We complete a detailed report of our findings in traffic light format – with an Executive Summary.

Roadmap

A Roadmap to compliance will be delivered with our report.

Privacy guidance and data protection compliance with zero-fuss

What we offer

We’re one of the UK’s leading privacy consulting teams, providing guidance to more than 300 firms.

DPO services

We offer DPO packages to suit your business needs – from a basic advisory service for smaller businesses to integrating ourselves within the operation of larger businesses.

GDPR Consultancy

Our Privacy Team consists of expert data protection consultants in the fields of IT & Technical, Legal, Records Management and Marketing.

Global Support

Our Privacy Team consists of expert data protection consultants in the fields of IT & Technical, Legal, Records Management and Marketing.

Training

An effective, demonstrable training programme can be the difference between the ICO taking enforcement action – or not, even if your data privacy programme has just started.

Marketing

Does your marketing comply with the Privacy and Electronic Communication Regulation, 2003 (PECR)? We can make sure it does!

Legal services

Our legal experts can draft data protection addendums into supplier contracts and advise on international data transfers affected by Brexit and Schrems II.

Zero-fuss GDPR compliance from the UK’s best

What is GDPR and how does it affect my business?

What is GDPR?

The GDPR (General Data Protection Regulation) is the EU’s data protection framework – enforceable since 25th May 2018.

Non-compliance cost

Non-compliance with the GDPR brings the prospect of fines of up to €20m, or 4% of global company turnover. Hundreds of fines have been imposed by Supervisory Authorities in the EU and UK to date.

How data breaches happen

A data breach is defined as any accidental or unlawful destruction, loss, alteration, or access to personal data. Once a breach is identified, you have 72 hours to investigate.

Marketing within the law

Unlike other areas of your business, marketing is regulated by separate legislation – the Privacy and Electronic Communication Regulation, 2003 (PECR).

Data mapping

To understand the types of personal data held in each area of your business (and your right to hold it), Article 30 of the GDPR requires you to conduct a data mapping exercise.

FAQs

Don’t see the answer to your question? Click here to ask one of our specialist team.

What does GDPR stand for?

General Data Protection Regulation

When did it come into force?

It came into force across the EU on 25th May 2018.

Does it affect me?

It affects any business, or organisation that processes and holds personal data of individuals residing in the EU.

No matter what your size, if you have a website, clients, suppliers, or employees, then you will hold personal data… so the GDPR applies to you.

What is personal data?

Personal data is any information that relates to an identifiable living person. Names, email addresses, telephone numbers and even cookies from websites fall into this category.

What is sensitive data?

Sensitive data, or “special category” data, refers to data that uniquely identifies a person – this could include genetic and biometric data (e.g. fingerprints), sexual health data, race and ethnicity information.

What about Brexit?

The UK refers to the Data Protection Act 2018 and the GDPR together. While the GDPR is the main document for reference, there are certain instances where the DPA2018 takes precedence – such as matters of national security.

The UK left the EU on the 31st January 2020 and the DPA2018 became our sole data protection framework – and is the law, not a choice.

Further details: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/12/data-protection-and-brexit-ico-advice-for-organisations/

Do I have to register with the Information Commissioner's Office (ICO)?

While there are a few exemptions, most businesses that process personal data must register with the ICO. Failure to do so can lead to a fine.

What are the penalties for failing to comply with GDPR?

Fines are now tiered, depending on the severity of your failure to comply. The maximum fine is 4% of global turnover, or €20m, whichever is greater. Less severe violations can receive a fine of 2% of global turnover, or €10m.

Do I need to appoint a Data Protection Officer (DPO)?

If you are a public authority, or your main business focus involves the large-scale processing of data, or special categories of data, then you may be required by law to appoint a DPO.

Do I have to report ALL data breaches?

No – but you must keep an internal record of all data breaches. If the breach is unlikely to result in a serious risk to the rights and freedoms of the individuals, then the breach should be reported to the ICO within 72 hours of being discovered – and the individuals affected without undue delay.

What is a data breach?

A data breach is any unauthorised or illegal destruction, loss, alteration, or access to personal data. That may include sending an email to the wrong person, or losing your laptop, mobile phone or USB stick!

What will it cost?

As with our ethos, our pricing structure is simple, straightforward and highly competitive – you only pay for the time we work! Here are some of our popular services and packages.

GDPR GAP Analysis is billed at £150 per hour.

We offer GDPR GAP Analysis to suit your risk appetite and budget. This ensures the gaps in your compliance are addressed in a timely manner.

GDPR Compliance Projects are billed at £150 per hour.

Based on your PRIVACY HELPER GDPR Gap Analysis or an initial Discovery, the objective of a PRIVACY HELPER Compliance Project is to create an effective Data Protection Framework by addressing identified areas of non-compliance.

Outsourced Data Protection Officer (DPO): £595 a month for a typical SME service.

Managing an effective Data Protection Compliance Framework and upholding Data Protection obligations requires an expert knowledge of relevant laws, best practices and GDPR-related Risk.

Latest Blog Posts

The PRIVACY HELPER blog has been created to provide the latest data protection news, privacy-focused articles and guidance from our expert team on UK (and European) data protection law.

The Data (Use and Access) Bill (DUA Bill) – October 2024

The Government announced the introduction of the Data (Use and Access) Bill (DUA Bill) in the House of Lords on 23rd October 2024 – the first draft of Labour’s proposed changes to data protection law following the failure by the former Conservative Government to embed their Data Protection and Digital Information Bill (DPDI Bill) in law.
