We have the in-house expertise in data protection and direct marketing compliance to assist companies and organisations to ensure compliance with the General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR).


The GDPR comes into force in the UK on 25th May 2018. The GDPR’s objective is to give individuals more control over the use of their personal information. The GDPR achieves this objective by introducing rules to ensure greater transparency when collecting individual’s personal information, giving individuals more rights in relation to their personal information and requiring organisations that collect and use personal information to maintain an audit trail of their data processing activities.

Download our FREE” GDPR Guidance booklet for Consumer Credit Firms   Click Here

Our GDPR Services

  • GDPR Privacy Policy – A template privacy policy that contains the updated GDPR prescribed terms.
  • Data Protection Schedule (Contract) A data protection schedule to add to contracts with third parties.
  • GDPR Adequacy Assessment – A remote review of firms’ data protection policies and procedures and an update to them to meet GDPR requirements.
  • GDPR Audit – A remote adequacy assessment plus an onsite audit of a firm’s data protection practices.
  • GDPR Premium Audit – A remote adequacy assessment, an onsite audit of a firm’s data protection practices plus provision of a GDPR compliance manual.
  • GDPR Compliance Manual – A GDPR compliance manual which contains GDPR compliant data protection policies and associated templates such as a breach recording form and information asset register template.
  • GDPR Ongoing Compliance Support – Unlimited telephone support in relation to GDPR.
  • Reviewing and updating your data protection policies.
  • E-learning Course – A bespoke GDPR e-learning course designed for firms’ management teams and decision makers.


Understanding Your Obligation

Who does the GDPR apply to?

GDPR applies to all organisations that collect, hold or use personal information. This includes customers’ personal information as well as staff personal information.

How does GDPR affect you?

You will need to update your privacy policy to include the additional information prescribed under GDPR. The purpose of the GDPR privacy policy is to better inform individuals about why you collect their personal information and how you will use it at the offset so that they can make an informed decision to provide their personal information.

You need to conduct an assessment of what types of personal information you collect, how you collect them, what you use them for, who you share them with, how long you keep them and how you keep them safe.

Such an assessment will inform you about any risk areas in your practices and give you a focus in implementing controls to manage those risks.

What’s the worst that can happen if you are not GDPR compliant?

The GDPR gives the Information Commissioner’s Office (ICO) the power to issue organisations with fines of up to €10 million or 2% of global turnover for certain categories of breaches and up to €20 million or 4% of global turnover for other categories of breaches.


If you require any information in regards to GDPR then please contact us below.


Windsor House, Cornwall Road, Harrogate, HG1 2PW

01423 522 599