GDPR Compliance
Can we prove it?
If your business handles personal data (customer details, employee records, user accounts) you have obligations under UK and EU data protection law. Most small businesses know they should have this in order, but the work gets put off until a customer questionnaire, an investor's due diligence, or a contract clause forces the issue, by which point the gaps are obvious and the deadline is tight.
GDPR Compliance puts the foundations in place as a defined project. We map your data, write the policies and notices you actually need, and make sure you can demonstrate compliance to anyone who asks. You finish with a complete, proportionate set of documentation and processes that reflect how your business genuinely operates.
In short
- A complete, proportionate set of data protection documentation that matches how you really operate.
- Evidence you can show customers, investors, and regulators the moment they ask.
- A defined project with a clear end point, not an open-ended retainer.
What problems we solve
Most businesses put data protection off until something forces the issue. You're in the right place if any of these sound familiar:
“A customer asks for our GDPR documentation”
You scramble to find or write policies, and the answers come out inconsistent or clearly drafted overnight.
“We've no record of what data we hold”
Nobody can answer “what data, and why”, which undermines every other part of compliance.
“Our privacy notice came from a template”
What you tell people no longer matches what you do, which is exactly what a buyer or regulator looks for.
“Someone asks for a copy of their data”
Confusion over who handles it, where the data lives, and the deadline, all under a one-month legal clock.
“Our lawful basis was never worked out”
Marketing, analytics, and data sharing carry on with no clear justification, a common cause of complaints.
“Staff have had no data protection training”
People mishandle personal data because nobody has told them the rules or why they matter.
How GDPR compliance works
Discovery call
Scope and map
A short discovery call confirms what data you handle and which laws apply. We then map your processing into a Record of Processing Activities, the foundation everything else rests on.
4 to 8 weeks
Build the documentation
We establish a defensible lawful basis, rewrite your privacy notices, and produce the policies, procedures, DPIA process, and staff training you'll actually use.
Annual review
Sign off and review
We close the gaps, hand over a complete, signed-off set of documentation, and offer a light-touch annual review to keep it current as your business changes.
These are the headlines. The full service description sets out every activity, assumption, and exclusion.
What we put in place
A proportionate set of documentation and processes, sized to your business, not paperwork for its own sake.
Who it's for
20 to 200 employees: real data protection obligations, but no realistic case for in-house privacy expertise
Handling personal data: customer accounts, employee records, user data, or marketing lists
UK or EU operations: subject to UK GDPR, EU GDPR, or both
Under external pressure: procurement questionnaires, due diligence, or contract clauses asking for evidence
Happy to run the day-to-day: you need to get compliant, not hand privacy over to someone else
What's not included
- A named DPO or ICO contact
- Operating data subject requests
- Ongoing advice between reviews
- Legal advice
- Implementing technical controls
- Acting as your EU Representative
Your project is led by a qualified privacy professional holding recognised credentials such as CIPP/E or CIPM. You work with the same named consultant throughout, and if you later take up the DPO service, the same person can continue, so your context carries over instead of starting again.
Term and pricing
Phase 1: Getting compliant
4–8 weeks. Fixed fee, scoped after a discovery call
Phase 2: Annual review
Optional. Fixed fee per review
This is a fixed-scope project, not a retainer. If you need continuous data protection support, the DPO service is structured for that. Use the calculator for an indicative estimate.
Put your data protection in order.
A short conversation is usually enough to tell whether this project is the right fit, what it would cover, and how long it would take. If the DPO service suits you better, we'll say so.