Fixed Price GDPR Readiness Assessment

Do not reinvent the wheel. GDPR is an evolution, not a revolution. 
You do not have to start from scratch. Find out what you have, what is good and where the gaps are.
Our GDPR Readiness Assessment is a fixed price comprehensive assessment which will pinpoint what you must do to be GDPR compliant.
Our clients really appreciate and understand our tried and tested readiness assessment carried out by our experienced GDPR and privacy practitioners.
Call us on 07960 387876 or contact us about our GDPR Readiness Assessment.

GDPR Readiness Assessment and Report

  • Top Risks 
  • Quick Wins
  • Detailed list of remediation and action plan
  • A project/workstreams roadmap

What is the Scope of the GDPR?

Article 3.2 - Organisations Offering Goods and Services into the EU

The scope of the GDPR is often the most debated and confusing element. There have been many posts asking for clarifications of who a data subject is and what is the territorial scope of the GDPR. This is my attempt at explaining what the scope of the GDPR is in a pictorial way. The territorial scope of the GDPR can be complex. It does not only apply to companies in the EU but according to Article 3.2 of the GDPR by the virtue of providing products and services into the EU from outside the EU, the GDPR could apply to organisations located anywhere in the world. The services or products do not necessarily have to be paid for. Various tests such as the currency the fees are paid in and the language used on the website, the advertising target and whether the goods are delivered to locations in the EU is used to decide whether organisations fall in the scope of article 3.2

Article 3.1 - Organisations Established in the EU

Furthermore, according to Article 3.1 of the GDPR, organisations that have a presence in the EU by the way of being “established” in the context of their activities, the GDPR could cover their global personal data processing. Establishment is very loosely defined. An organisation could be established by having just an office, a chapter a sales office/agent, representation a field office etc. in the context of its activities. In such circumstances, the GDPR not only applies to the organisation’s processing of EU data subject's data but also any processing of personal data of any individual regardless of their nationality, residence or physical location. In effect, the GDPR could apply any organisation anywhere in the world and any individual anywhere in the world. In summary, the GDPR could therefore, apply to any person’s personal data anywhere in the world and any organisation processing personal data anywhere in the world.


There is a lot of confusion around what constitutes personal data under GDPR. The problem is unlike PII, the GDPR very loosely defines personal data. It is not PII (Personally Identifiable Information). We have a collated list of what constitutes Personal Data on our site. This appears to the most comprehensive list so far we have seen on the Internet. One thing to remember is that, personal data can be direct or indirect, the indirect data can also be contextual, location based, attributes, descriptions etc.

Our Services

GDPR Services

The EU GDPR comes into force on 25 May 2018. Our GDPR experts can help you prepare your organisation to be compliant and avoid hefty fines. Post compliance we can act as your virtual DPO, and support you in other areas.

Virtual Roles Service

Not every organisation needs or can afford a full time GDPR or Cyber Security experts. We can provide customers with these virtual roles, including Data Protection Officers (DPO) to meet GDPR compliance, and virtual CISO etc.

Call us on 07960 387876 or contact us about our services.

Cyber Security Services

Data is your most important asset and it needs to be protected more than ever. Our experts with many years of designing, implementing, monitoring and generally protecting data can help. We specialise in ISO27001, Security Architecture, Risk Assessment, Risk Management, Secure Software Development etc.

Our privacy and data protection services are underpinned by our Privacy Framework that consists of a complete range of services and tools designed to provide a full spectrum of data and privacy protection services to our clients. Starting with our established and fast-track GDPR Readiness Assessment to remediation, privacy assurance, to establishing PIMS and audit services.

We provide one-stop services for our clients that they can rely on to deliver on time and to the highest quality.

Please contact us for further details of how we can help you to achieve GDPR compliance and ongoing improvement to both personal and other valuable data security.

Call us on 07960 387876 or contact us about our GDPR and other services.

Can we help you with your EU GDPR compliance?

We can take you through scoping, analysis, data mapping, DPIA all the way through to protecting personal data for GDPR compliance.

Do you need help implementing ISO27001?

We can take you from scratch to fully certified ISO27001 ISMS, that manages your risks, protects your data and fits in with your culture.

Virtual DPO (vDPO) Service

Our virtual Data Protection Officer service is suitable for small to medium businesses who do not need or cannot afford a full time DPO but need an experienced data protection officer on call to advise and guide them through their GDPR compliance. We have fixed price services but can also tailor the services around your needs.

Virtual CISO (vCISO) Service

The vCISO service provides you access to a security expert that can advise your senior directors on cyber threats and how to manage them. This is an on-call highly experienced senior cyber security and risk adviser available as and when needed. Please contact us to find out more. We have fixed price services but can also tailor the services around your needs.

Are you managing your GDPR Third-Party risks?

Data Controllers, you need to ensure that your Data Processors are acting on your instructions only. Are you managing the risks that are posed by the supply chain and third-parties from information sharing? Are they? How do you know? We can audit your suppliers, partners and data processors to ensure they are compliant against the GDPR. this includes reviewing contracts, breach management, and reporting processes.

We Won a Best GDPR Speaker 2017 award for a series of GDPR speaking events int he City

GDPR Breakfast Briefing in the City – Moyn Uddin speaking to Risk Managers on Risk-Based Approach to GDPR

Our Chief Privacy Officer, Moyn Uddin talking to Risk Managers from the financial sector and banks about GDPR in the City, September 2017.

Moyn spoke to them about Risk Based Approach to GDPR. On managing risk to the data subject and to the organisation. The interactive presentation lasted for an hour and a half and was followed by questions and answers.

The Breakfast Briefing was held at Xactium

Hi Moyn, 

Thank you for presenting at our GDPR event last Thursday, the event feedback has been positive with attendee’s happy that a lot of their concerns and queries were answered on the spot. ”   – Xactium

GDPR Event – Moyn Uddin speaking on the “72 Hour Breach Notification”.

What organisations need to do now to ensure their people, process, and technology are ready for this important requirement under GDPR.

Date: Wednesday 1st November 2017

Time: 6pm – 9pm


“Dear Moyn,

Thank you for speaking at our Cybersecurity Talks & Networking event! Some excellent presentations yesterday, we received great feedback from our attendees and overall everyone enjoyed the event.”  

– Gulam IT