If you're at the start of your compliance journey, or you simply want a healthcheck on where you are, I can carry out a gap analysis against established data protection and privacy frameworks, producing a scorecard and improvement plan.
I have considerable experience in writing and reviewing policies, procedures and processes for managing compliance with data protection law. I can help if you're looking to develop or refresh your policy suite. Also, if you're looking to review any of your existing privacy notices, or develop new ones, I can help you create ones that are both compliant and to the point.
I can produce and deliver relevant and engaging training sessions for your staff, ensuring that they understand their obligations under the law and the policies you have put in place to manage compliance.
A key element of any data protection compliance programme is understanding what information you hold. The UK GDPR also requires that certain businesses maintain what is known as a ROPA. I can help you with the data mapping process and either create a new ROPA or review your existing one.
Data protection by design and default is a key feature of the UK GDPR. Identifying data protection and privacy risks at an early stage of new projects is essential to meeting this requirement, and carrying out a DPIA is obligatory for high-risk activities. I have wide experience in embedding the DPIA process into project and risk methodologies and can also assist you with developing DPIA templates and the completion of assessments.
The people whose data you are using - customers, employees, business contacts, etc - all have various rights under the UK GDPR. I can help you to develop or review your processes for responding to these requests. I am also available to provide resource for managing requests where needed.
Marketing is an area of privacy law that many people get wrong, but one that I have managed in a number of organisations. I can help you to understand the requirements for all forms of marketing (email, telephone, online, etc) across both B2B and B2C campaigns.
Data breaches can happen to any organisation, but the key is how you respond to them. I can help you to set up processes to manage breaches when they occur or can provide direct assistance if you have just experienced a breach and want to know what to do next. This includes helping you to understand when and how you need to notify breaches to the ICO and the affected individuals.
If your organisation's work involves the transfer of personal data outside of the UK (and this can even include using cloud storage solutions), then there are certain obligations on you under the UK GDPR. I can help you to understand these and get the appropriate controls put in place. I have experience of the EU standard contractual clauses, the UK IDTA and transfer impact assessments.
Cherry Tree Privacy
Unit 14, Witney Way, Boldon Business Park, Boldon NE35 9PE
Copyright © 2024 Cherry Tree Privacy - All Rights Reserved.