The Fast Track Process

So, how does our service work?

Our mission is to help organisations with privacy guidance and data protection compliance with zero fuss.

We aim to integrate seamlessly with your organisation to provide expert-driven, compliant solutions, enabling you to keep personal data safe and secure so your customers can trust you.

The General Data Protection Regulation (GDPR) applies to every organisation in the UK that handles or processes personal data.

Under GDPR, individuals have increased rights regarding their personal information, including the right to access, correct, and delete their data. Organisations that handle personal data must ensure it is collected legally and under strict conditions, and they are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners.

Off-site pre-assessment

We learn everything about your business and process during an initial off-site assessment.

Cybersecurity

Department one-to-ones

We hold meetings with department heads to discuss personal data used in their team.

Senior team

Walkabout with a senior staff member to understand the “office floor privacy culture” if required.

Data protection

Off-site reporting

We complete a detailed report of our findings in traffic light format – with an Executive Summary.

Roadmap

A Roadmap to compliance will be delivered with our report.

Privacy guidance and data protection compliance with zero-fuss

What we offer

We’re one of the UK’s leading privacy consulting teams, providing guidance to more than 300 firms.
DPO services
We offer DPO packages to suit your business needs – from a basic advisory service for smaller businesses to integrating ourselves within the operation of larger businesses.
GDPR Consultancy
Our Privacy Team consists of expert data protection consultants in the fields of IT & Technical, Legal, Records Management and Marketing.
Global Support
Our Privacy Team consists of expert data protection consultants in the fields of IT & Technical, Legal, Records Management and Marketing.
Training
An effective, demonstrable training programme can be the difference between the ICO taking enforcement action – or not, even if your data privacy programme has just started.
Marketing
Does your marketing comply with the Privacy and Electronic Communication Regulation, 2003 (PECR)? We can make sure it does!
Legal services
Our legal experts can draft data protection addendums into supplier contracts and advise on international data transfers affected by Brexit and Schrems II.

Zero-fuss GDPR compliance from the UK’s best

What is GDPR and how does it affect my business?

What is GDPR?
The GDPR (General Data Protection Regulation) is the EU’s data protection framework – enforceable since 25th May 2018.
Non-compliance cost
Non-compliance with the GDPR brings the prospect of fines of up to €20m, or 4% of global company turnover. Hundreds of fines have been imposed by Supervisory Authorities in the EU and UK to date.
How data breaches happen
A data breach is defined as any accidental or unlawful destruction, loss, alteration, or access to personal data. Once a breach is identified, you have 72 hours to investigate
Marketing within the law
Unlike other areas of your business, marketing is regulated by separate legislation – the Privacy and Electronic Communication Regulation, 2003 (PECR).
Data mapping
To understand the types of personal data held in each area of your business (and your right to hold it), Article 30 of the GDPR requires you to conduct a data mapping exercise.

FAQs

Don’t see the answer to your question? Click here to ask one of our specialist team.

What does GDPR stand for?

General Data Protection Regulation

When did it come into force?

It came into force across the EU on 25th May 2018.

Does it affect me?

It affects any business or organisation that processes and holds personal data of individuals residing in the EU.

No matter what your size, if you have a website, clients, suppliers, or employees, then you will hold personal data… so the GDPR applies to you.

What is personal data?

Personal data is any information that relates to an identifiable living person. Names, email addresses, telephone numbers and even cookies from websites fall into this category.

What is sensitive data?

Sensitive data, or “special category” data, refers to data that uniquely identifies a person – this could include genetic and biometric data (i.e. fingerprints), sexual health data, race and ethnicity information.

What about Brexit?

The UK refers to the Data Protection Act 2018 and the GDPR together. While the GDPR is the main document for reference, there are certain instances where the DPA2018 takes precedence – such as matters of national security.

The UK left the EU on the 31st January 2020 and the DPA2018 became our sole data protection framework – and is the law, not a choice.

Further details: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/12/data-protection-and-brexit-ico-advice-for-organisations/

Do I have to register with the Information Commissioner's Office (ICO)?

While there are a few exemptions, most businesses that process personal data must register with the ICO. Failure to do so can lead to a fine.

What are the penalties for failing to comply with GDPR?

Fines are now tiered, depending on the severity of your failure to comply. The maximum fine is 4% of global turnover, or €20m, whichever is greater. Less severe violations can receive a fine of 2% of global turnover, or €10m.

Do I need to appoint a Data Protection Officer (DPO)?

If you are a public authority, or your main business focus involves the large-scale processing of data, or special categories of data, then you may be required by law to appoint a DPO.

Do I have to report ALL data breaches?

No – but you must keep an internal record of all data breaches. If the breach is unlikely to result in a serious risk to the rights and freedoms of the individuals, then the breach should be reported to the ICO within 72 hours of being discovered – and the individuals affected without undue delay.

What is a data breach?

A data breach is any unauthorised or illegal destruction, loss, alteration, or access to personal data. That may include sending an email to the wrong person, or losing your laptop, mobile phone or USB stick!

What will it cost?

As with our ethos, our pricing structure is simple, straightforward and highly competitive – you only pay for the time we work! Here are some of our popular services and packages.

GDPR GAP Analysis from £150 per hour.

We offer GAP Analysis and Remediation Packages to suit your risk appetite and budget. This ensures the gaps in your compliance are addressed in a timely manner.

Monthly GDPR Action and Outsourced DPO Service from only £100 per hour

Once you have undertaken your Audit, we can create and execute an action plan. We can provide a specialist DPO resource and full access to the Privacy Team if required.

Monthly GDPR Support for SMEs from only £200 for 2 hours per month

Access to our privacy specialists whenever you need them – whatever the question or query may be. Run your business in confidence knowing you are GDPR compliant.

Latest Blog Posts

The PRIVACYHELPER blog has been created to provide the latest data protection news, privacy-focused articles and guidance from our expert team on UK (and European) data protection law.