Data Protection Made Simple

Frequently Asked Questions

GDPR came into force in May 2018. It impacts all businesses across the European Union regardless of Britexit. The General Data Protection Regulation (GDPR) brings the Data Protection Act (1998) up to date with current technologies. All business are included from the major corporation through to the one man band.

Major Corporations will have their own compliance teams already in place dealing with things like ISO27001 etc. For them GDPR slots nicely into an existing governance regime.

For smaller organisations that cannot afford the resources of the major companies, dealing with GDPR is a nightmare of contradictory information.

We aim to cut through all that and provide you with a clear path to GDPR compliance that is both effective and affordable. 

We start with a free, no obligation consultation. Here we discuss in more depth how the process works and give you a better understanding of just what GDPR is and your obligations under the regulation.

We will then agree an approach to move this forward that is tailored for you. Many companies want us to complete the entire compliance exercise for them, others are happy to pick and choose, completing certain elements themselves. 

GDPR Compliance is a moving target. As new systems are introduced or upgraded it is important to check that this will not expose you to a breach. This will require an impact assessment. In most cases this would be ‘light touch’ but occasionally it will require more. You will also need to have someone who can deal with any Subject Access Requests and be a point of contact for the Supervisory Authority. We can help with that too.

Scary figures we know. In reality administrative fines will be assessed on a case by case basis.

The regulation says they must be effective, proportionate and dissuasive. But will take into account the nature and circumstances as well as the number of subjects involved.

This headline grabbing figure is the maximum administrative fine that can be imposed if the breach involved special category data – that includes things like medical information, trade union affiliation etc. so, although theoretically possible, we would be surprised to see these figures being imposed.

The best way of measuring this is to look at the Information Commissioners web site under the actions we have taken section to see what fines are being imposed under the current act. Be aware that the Information Commissioner is responsible for enforcement under a number of regulations. Not all actions have been taken under GDPR.


Data Protection Officer as a Service

So you have a Subject Access Request - what do you do?

You think you have been hacked - what next?

Access to a Data Protection Expert when you need it.

Cyber Incident Response Management

When you have a cyber-incident, the speed in which you respond and re-mediate the threat will make a significant difference in controlling risk, costs and exposure.

Cyber Health Check

Our Cyber Health Check combines on-site consultancy and audit with remote vulnerability assessments.

We will identify your actual cyber risks and audit the effectiveness of your responses, creating a prioritised plan for managing those risks in line with business objectives.

Cyber Essentials Certification

Cyber Essentials is an official UK wide, government-backed certification that helps companies guard against the most common cyber threats and reduce your risk by at least 80%. It also allows you to demonstrate your commitment to cyber security to prospective customers.

Cyber Essentials Plus Certification

Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme, an official UK wide, government-backed certification that helps companies guard against the most common cyber threats and reduce your risk by at least 80%.

ISO 27000 Accreditation

SO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organisations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

Contact Us


We will reply as soon as possible


Mon - Fri 09:00 - 18:00

Website was built with Mobirise