We offer a range of privacy and cybersecurity services, some of which are listed here. Please contact us for the full range of services. We can always tailor bespoke services to fit your needs.

Privacy stuff we can help you with

DPA Drafting and Review Service

We can draft or review and update existing Data Processing Agreements for both Controllers and Processors. We have deep experience drafting compliant and agreeable DPAs.

GDPR Readiness Review and Assurance Service

Now that you have implemented the GDPR, how confident are you that you have covered everything or done it correctly? Our assurance service will provide you with assurance and a second opinion.

GDPR Readiness Assessment Service

A GDPR Readiness Assessment is designed to provide a starting point for a GDPR compliance programme. Our established, tried and tested Readiness Assessment methodology is based on the GDPR, PECR and cybersecurity best practices.

GDPR Implementation

Okay, so the GDPR is finally here. If you have not already done so, then you need to start complying with its requirements. We can help with this, from complete implementation to just advising and mentoring. Give us a call and find out how we can help.

DPO as a Service

The Virtual DPO will be your DPO, on call when and if you need the DPO service. This can be as simple as advising on how to interpret the GDPR, providing training, dealing with incidents, dealing with the ICO or other supervisory authority on your behalf, or just being a point of presence for you.

Data Privacy Impact Assessment

A Data Privacy Impact Assessment, or DPIA, is the process of assessing the impact on the privacy of the subject whose data is being processed. Having worked in the public sector, our consultants have years of experience of carrying out Privacy Impact Assessments and can help organisations in this area. We can help you with carrying out a DPIA.

Privacy is not the only thing we do.


We do all sorts of cybersecurity too.

Cybersecurity stuff we can help you with

Security Architecture and Design

Security is best if it is architected and designed properly. With GDPR and the requirements for privacy and security by design, it is vital that you get the security right. We have hands-on experience of architecting and designing multi-million-pound security and privacy architectures.

ISO27001 ISMS implementation

Manage information security risks by implementing ISO27001, the internationally recognised standard for an Information Security Management System (ISMS).

Auditing and Assessment Services

Are you sure your data is safe? Who has your data and how are they protecting the data? Let us provide you with peace of mind and assurance through our auditing and assessment service. We can provide assessments against the major security frameworks and best practices, including ISO27001, ITIL, RESILIA, NIST, ISF etc.

Our privacy and data protection services are underpinned by our Privacy Framework, which consists of a complete range of services and tools designed to provide a full spectrum of data and privacy protection services to our clients. These range from our established, fast-track GDPR Readiness Assessment through remediation and privacy assurance to establishing PIMS and audit services.

We provide one-stop services for our clients that they can rely on to deliver on time and to the highest quality.

Please contact us for further details of how we can help you to achieve GDPR compliance and ongoing improvement in the security of both personal and other valuable data.

Call us on 07960 387876 or contact us about our GDPR and other services.

How confident are you of your GDPR compliance?

Now that the GDPR is here and you have completed all your GDPR work, how confident are you that you have done it correctly?

Many organisations are finding that they have been advised poorly and have lost valuable data or have spent money and time on unnecessary things. For example, companies have been sold tools and services they did not require, or have many gaps in their compliance. Marketing companies are GDPR compliant but oblivious to PECR requirements. HR departments rely on a completely inappropriate lawful basis for processing, which is likely to get them into all sorts of issues later on. These are some real examples of GDPR gone bad.

We provide a GDPR, PECR and Cyber Security assurance service for organisations that want a second opinion and assurance that their security and privacy are up to the mark.

Please contact us

Fixed Price GDPR and Readiness Assessment

If you are yet to start your GDPR programme, do not reinvent the wheel. GDPR is an evolution, not a revolution. You do not have to start from scratch. Find out what you have, what is good and where the gaps are. Our GDPR Readiness Assessment is a fixed price comprehensive assessment which will pinpoint what you must do to be GDPR compliant. Our clients really appreciate and understand our tried and tested readiness assessment carried out by our experienced GDPR and privacy practitioners.
Call us on 07960 387876 or contact us about our GDPR Readiness Assessment.

GDPR Readiness Assessment and Report

  • Top Risks 
  • Quick Wins
  • Detailed list of remediation and action plan
  • A project/workstreams roadmap

What is the Scope of the GDPR?

Article 3.2 - Organisations Offering Goods and Services into the EU

The scope of the GDPR is often the most debated and confusing element. There have been many posts asking for clarification of who a data subject is and what the territorial scope of the GDPR is. This is my attempt at explaining what the scope of the GDPR is in a pictorial way. The territorial scope of the GDPR can be complex. It does not only apply to companies in the EU: according to Article 3.2 of the GDPR, by virtue of providing products and services into the EU from outside the EU, the GDPR could apply to organisations located anywhere in the world. The services or products do not necessarily have to be paid for. Various tests, such as the currency the fees are paid in, the language used on the website, the advertising target and whether the goods are delivered to locations in the EU, are used to decide whether organisations fall within the scope of Article 3.2.

Article 3.1 - Organisations Established in the EU

Furthermore, according to Article 3.1 of the GDPR, where organisations have a presence in the EU by way of being “established” in the context of their activities, the GDPR could cover their global personal data processing. Establishment is very loosely defined. An organisation could be established by having just an office, a chapter, a sales office/agent, representation, a field office etc. in the context of its activities. In such circumstances, the GDPR applies not only to the organisation’s processing of EU data subjects' data but also to any processing of personal data of any individual regardless of their nationality, residence or physical location. In effect, the GDPR could apply to any organisation anywhere in the world and any individual anywhere in the world. In summary, the GDPR could therefore apply to any person’s personal data anywhere in the world and any organisation processing personal data anywhere in the world.


There is a lot of confusion around what constitutes personal data under GDPR. The problem is that, unlike PII, the GDPR defines personal data very loosely. It is not PII (Personally Identifiable Information). We have a collated list of what constitutes Personal Data on our site. This appears to be the most comprehensive list we have seen so far on the Internet. One thing to remember is that personal data can be direct or indirect; the indirect data can also be contextual, location based, attributes, descriptions etc.

Can we help you with your EU GDPR compliance?

We can take you through scoping, analysis, data mapping, DPIA all the way through to protecting personal data for GDPR compliance.

Do you need help implementing ISO27001?

We can take you from scratch to fully certified ISO27001 ISMS, that manages your risks, protects your data and fits in with your culture.

Virtual DPO (vDPO) Service

Our virtual Data Protection Officer service is suitable for small to medium businesses who do not need or cannot afford a full time DPO but need an experienced data protection officer on call to advise and guide them through their GDPR compliance. We have fixed price services but can also tailor the services around your needs.

Virtual CISO (vCISO) Service

The vCISO service provides you with access to a security expert who can advise your senior directors on cyber threats and how to manage them. This is an on-call, highly experienced senior cyber security and risk adviser available as and when needed. Please contact us to find out more. We have fixed price services but can also tailor the services around your needs.

Are you managing your GDPR Third-Party risks?

Data Controllers, you need to ensure that your Data Processors are acting on your instructions only. Are you managing the risks that are posed by the supply chain and third parties from information sharing? Are they? How do you know? We can audit your suppliers, partners and data processors to ensure they are compliant with the GDPR. This includes reviewing contracts, breach management, and reporting processes.

We Won a Best GDPR Speaker 2017 award for a series of GDPR speaking events in the City

GDPR Breakfast Briefing in the City – Moyn Uddin speaking to Risk Managers on Risk-Based Approach to GDPR

Our Chief Privacy Officer, Moyn Uddin, talking to Risk Managers from the financial sector and banks about GDPR in the City, September 2017.

Moyn spoke to them about a Risk-Based Approach to GDPR: managing risk to the data subject and to the organisation. The interactive presentation lasted for an hour and a half and was followed by questions and answers.

The Breakfast Briefing was held at Xactium: http://www.xactium.com/xactium-gdpr-breakfast-briefing

“Hi Moyn,

Thank you for presenting at our GDPR event last Thursday, the event feedback has been positive with attendees happy that a lot of their concerns and queries were answered on the spot.” – Xactium

GDPR Event – Moyn Uddin speaking on the “72 Hour Breach Notification”.

What organisations need to do now to ensure their people, process, and technology are ready for this important requirement under GDPR.

Date: Wednesday 1st November 2017

Time: 6pm – 9pm


“Dear Moyn,

Thank you for speaking at our Cybersecurity Talks & Networking event! Some excellent presentations yesterday, we received great feedback from our attendees and overall everyone enjoyed the event.”  

– Gulam IT