Data Subject Requests (DSAR) Management
We assess the request and its context, manage the response process, and streamline the handling of any future Data Subject Requests.
Data Mapping & Gap Analysis
We assess your current data practices, identify compliance gaps, and build a roadmap for achieving UK and EU regulatory alignment.
Policy & Procedure Development
We help you draft and implement clear, effective policies, from data retention and subject access requests to breach response protocols.
Vendor & Contractual Compliance
We support you in managing third-party relationships, including reviewing Data Processing Agreements and conducting vendor risk assessments.
Data Protection Impact Assessments (DPIAs)
We guide you through DPIAs for high-risk processing activities, helping you evaluate and mitigate privacy risks.
Privacy-by-Design Consulting
Implementation of privacy principles into the design and development of digital products and services.
Cross-border Data Transfer Compliance
Implementation of international data transfer mechanisms, including the use of Standard Contractual Clauses (SCCs) and adequacy decisions.
Ongoing Compliance Support
We offer flexible support packages, including outsourced Data Protection Officer (DPO) services, to help you maintain compliance over time.
UK GDPR Update - Data (Use) Access Act (DUAA)
We assess your existing data protection framework to streamline compliance, making the most of the efficiencies introduced by the DUAA.
Please reach us here if you cannot find an answer to your question.
To become GDPR compliant, you should start by mapping all personal data you collect and process. Then, assess your legal basis for processing, update or implement privacy notices, implement data protection policies, train staff, and ensure you have procedures for handling data subject rights and breaches. Regular audits and documentation are also essential.
The GDPR applies to any organisation that processes personal data of individuals located in the European Union or in the UK, regardless of where the organisation itself is based. This includes businesses outside the EU and the UK that offer goods or services to EU or UK residents or monitor their behaviour online. Such businesses also need to consider whether they need a GDPR Representative under Art. 27 GDPR.
Personal data refers to any information that can identify a living individual, either directly or indirectly. This includes names, email addresses, phone numbers, IP addresses, location data, and biometric or health information. Importantly, compliance with data protection laws is mandatory regardless of the volume of data being processed. There are no exemptions for handling small amounts of personal data.
We use only necessary cookies. They help us make the website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
The necessary cookies that we use are:
dps_site_id - this is a session cookie used for optimising the speed and performance of the website. As a session cookie, it lasts only for as long as you remain on the website.
olaGopayCartOn - this is a session cookie
olaGopayCartOnTs - this is a session cookie