Are You GDPR Ready?

On the 25th May 2018 the General Data Protection Regulation will be enforced and replace the current Data Protection Directive of 1995. The aim of the new regulation is to enhance and unify data protection for all individuals living in an EU member state.

The regulation applies to:

  • Any organisation that collects & controls personal data from EU citizens
  • Any organisation that processes data on behalf of another organisation (eg. a cloud service provider)

If your organisation is outside of the EU but collects & processes data of EU citizens, the regulation also applies.

The financial implications resulting from a failure to comply are significant. A fine of 20 Million Euros or 4% of the organisation’s global turnover (whichever amounts to more).

Vital preparation to become GDPR ready must begin at CEO and Board level and involve input from multiple departments within any organisation.

How Can We Assist?

Our consultants are highly qualified and experienced in their fields of expertise. Our network includes; lawyers, business/operational and technical specialists as well as highly skilled security architects. We offer a number of flexible packages to suit your business, the DPO services that make up our packages include:

  • GDPR Readiness Reviews
  • Certified Training
  • Awareness Briefings
  • Privacy Impact Assessments
  • Personal Data Audits
  • Notifications Review
  • Rights Workflow
  • Contract Reviews
  • Policy Reviews
  • Privacy Architect Reviews and Guidance
  • Remediation of any issues highlighted by the reviews

Our Packages


Readiness Review

A programme assessment of GDRP Readiness

The GDPR Readiness Assessment Programme is interview-based and covers:

– GDPR essentials/context for your Organisation

– A Readiness Report which covers: a view of your personal data and processing; Estimated Timescales and resource required; Prioritised set of next steps; Appendices identifying relevant GDPR areas

– A Programme Plan with Major Milestones


Data & Purpose Review

An in-depth review of your personal data landscape that provides the basis for lawful processing and documentation under the GDPR

The Data & Purpose Review considers the data subjects and details attributes providing the basis for understanding:

– What personal data you process

– Lawful processing

– Why and where you process personal data

– 3rd party and processors of the personal data


Notifications Review & Remediation

Generation of all required data subject notifications. Ideally, this is supported by the outputs from the Data and Purpose Review

Helps your organisation to address its obligations to data subjects regarding how the organisation is processing their personal data

Depending on the Data & Purpose Review and the personal data identified there may be several notices generated to aid compliance with your GDPR obligations


Data Subject Rights Review & Remediation

Addresses the data subject rights and how your organisation is required to support these

Provides an accelerated approach to identifying what process are in place, validates them against the relevant articles and provides the basis for remediation where required

Uses predefined templates to help review and establish the process quickly

Advises on tools, where appropriate, to address your DSR obligations

Virtual Data Protection Officer (vDPO)

Expert Guidance and Advice

Base Support (M-F)

1 Call / Vistit per Quarter

Standard Plus
Assigned Virtual Data Protection Officer (vDPO)

Expert Guidance and Advice

Base Support (M-F)

On Demand Systems Monitoring and Reporting

Mapping Review

4 Calls / 1 Site Visit per Month

Standard Plus

4 Calls / 2 Site Visits per Month

Contract Reviews and Audits

GDPR Programme Review (per Mth)

Staff Awareness Training

Monthly Reviews of existing/newly implemented policies/processes and procedures to ensure they comply with the GDPR/DPA (new bill)

Premium Plus

4 Calls / 4 Site Visits per Month

Review and Support GDPR Risk Register

Document Review (any other docs)

GDPR “Facts and Snacks” Once a Quarter

Briefing about new developments and any changes to the “compliance” status of the business