The EU GDPR has transformed how personal data is collected, shared and used globally
To ensure GDPR and DPA (Data Protection Act) 2018 compliance, organisations must make changes to policies, processes and contracts, and technical and organisational measures. In some instances, those changes could be complex and significant.
UK data protection law is currently being revised. We are following the progress of the Data Protection and Digital Information (No.2) Bill through parliament and will keep you updated on how it might affect your data processing obligations.
Data protection consultancy and GDPR services
Our bestselling DPA 2018 and GDPR compliance consulting services and solutions will help you address common problems.
GDPR data flow audit
Your challenge
You’re not sure what personal data your organisation holds or where it resides.
The solution
A data flow audit pinpoints where personal data is hosted in and outside your organisation and shows where that data flows.
Our consultants will provide you with an inventory of the personal data held and shared by your organisation and a detailed data flow map of your processes.
Data Privacy Manager Service
Your challenge
Covering all elements of data protection, the Data Privacy Management Service provides a flexible, holistic solution to data protection under one easy-to-manage contract.
The solution
Delivered by our sister company GRCI Law, this complete solution has been developed specifically to cater to the needs of organisations trying to comply with the GDPR and DPA 2018.
This service provides unrivalled support and guidance from data security experts and legal specialists.
DSAR as a Service
Your challenge
You don’t have the time or internal expertise to deal with DSARs (data subject access requests).
The solution
Outsource your DSAR needs to a team with extensive experience dealing with such requests.
This annual service is delivered by experienced lawyers, barristers, DPOs and cyber security experts at our sister company GRCI Law.
GDPR Data Protection Impact Assessment (DPIA) Service
Your challenge
You don’t know the data protection risks of introducing a new system or process.
The solution
A GDPR consultant will conduct a one-day, on-site evaluation of the data protection risks associated with your new process or system. They will then provide a remediation plan to mitigate those risks.
GDPR contract and legal services
Your challenge
You’re unsure whether your policies and agreements are GDPR/DPA 2018 compliant.
The solution
Get expert legal advice and support in reviewing and updating privacy notices, policies, supplier contracts and international data transfer agreements.
Breach Management as a Service
Your challenge
You’ve had a data security incident – how do you respond in a timely and appropriate manner?
The solution
Get on-call assistance in meeting the DPA 2018 and GDPR’s 72-hour data breach notification requirements in a structured and compliant manner.
DPO as a Service
Your challenge
Sourcing an appropriate individual to fulfil the DPO role is costly and difficult.
The solution
Get supported by a qualified DPO team who will serve as your independent data protection expert as set out in the DPA 2018 and GDPR.
GDPR EU Representative
Your challenge
You need to appoint an independent representative in the EU to help you deal with GDPR requests.
The solution
Our EU representative service enables organisations outside the EU that fall within the scope of the GDPR to meet their Article 27 obligations.
GDPR Gap Analysis
Your challenge
You’re uncertain how much your organisation complies with the GDPR/DPA 2018 or are struggling to determine where to start with your compliance project.
The solution
Get a detailed assessment showing your organisation’s level of compliance and a remediation plan to address the gaps and risks with our GDPR gap analysis service.
PECR Audit
Your challenge
You need more clarification of your PECR (Privacy and Electronic Communications Regulations) compliance position from an independent assessor.
The solution
Our PECR audit service gives organisations clarity on their PECR compliance position. An independent, professional assessor will identify areas of non-compliance and deliver a report to help you take remedial action.
GDPR and DPA 2018 training and staff awareness
Your challenge
You need to make sure that all staff and management fully understand their responsibilities under both the DPA 2018 and GDPR.
The solution
We offer certified GDPR/DPA 2018 training courses and staff awareness e-learning courses specifically tailored to your organisation’s requirements.
Bespoke GDPR and DPA 2018 consultancy
Your challenge
You’re not sure what guidance to follow to ensure you achieve compliance with the range of current and emerging privacy regulations.
The solution
How we can help you become GDPR compliant
IT Governance offers a wide range of data protection and GDPR consultancy services to meet all needs. Our team of data protection experts can help your organisation with various best-practice solutions, from evaluating your GDPR and DPA 2018 compliance and developing a remediation roadmap, to implementing a data protection compliance framework. Whether you are an SME or a multinational, we can tailor our GDPR advisory services to your needs. Speak to one of our experts for more information or to get a tailored quote.
Consultancy services that can help your GDPR/DPA 2018 compliance
ISO 27001
ISO 27001 sets out the requirements for an ISMS (information security management system), a risk-based approach that encompasses people, processes and technology. Developing an ISMS that conforms to ISO 27001, the international standard for information security, means you will meet the technical and organisational requirements of the GDPR and DPA 2018.
ISO 27701
ISO 27701 is a privacy extension to ISO 27001 and specifies the requirements for developing a PIMS (privacy information management system). The standard includes a set of privacy-specific requirements, controls and control objectives.
BS 10012
BS 10012 is a British standard that outlines the specifications for a PIMS (personal information management system). The framework has been developed to help organisations comply with the data protection requirements imposed by laws such as the GDPR.