The EU General Data Protection Regulation (GDPR)

The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018, when it supersedes the UK Data Protection Act 1998. Significant and wide-reaching in scope, the new law brings a 21st century approach to data protection. It expands the rights of individuals to control how their personal information is collected and processed, and places a range of new obligations on organisations to be more accountable for data protection.

Crucially for businesses, the GDPR sets out much bigger fines for non-compliance— up to 4 per cent of global annual turnover, or £20m, whichever is greater. At present, the Information Commissioner’s Office can issue a maximum fine of £500,000 for breaches of data rules.

You had until 25 May 2018 to be GDPR Compliant

25 May 2018
Deadline For Compliance has arrived

Compliance is not a choice and time is short

GDPR compliance is not just a matter of ticking a few boxes; the Regulation demands that you be able to demonstrate compliance with the data protection principles. This involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the transparency, accountability and individuals’ rights provisions, as well as building a workplace culture of data privacy and security.

With the appropriate compliance framework in place, not only will you be able to avoid significant fines and reputational damage, you will also be able to show customers that you are trustworthy and responsible, and derive added value from the data you hold.

Brexit and the GDPR

UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the EU, and the government has confirmed that the Regulation will apply, a position that has been stated by the Information Commissioner’s Office (ICO).

The new Data Protection Bill going through Parliament will transpose the GDPR into UK law, and will continue to apply post-Brexit. The Bill also includes a number of agreed modifications to the GDPR in areas such as academic research, financial services and child protection.

Post-Brexit any cross-border data flows between the EU and the UK may no longer carry automatic adequate safeguards. Accordingly, the UK Government is seeking an ‘adequacy decision’ from the EU to continue to share personal data. If this is not forthcoming, other options include seeking a bilateral agreement similar to the EU-US Privacy Shield, or for organisations to implement standard contract clauses or binding corporate rules that would add complexity and cost to data transfers. International organisations should consider Brexit implications in their GDPR planning.


The EU General Data Protection Regulation (GDPR) comes into force on the 25th May 2018! We offer the following packages with no hidden fees of which we will provide you with a face to face consultation of your current policies. We will then supply you with all the GDPR policies and documents to cover and protect your business. Depending on the package you choose with us determines which documents we provide you with.

Many organisations opt for one of our inclusive bundles for a complete approach to GDPR implementation and compliance. You should choose a bundle based on the documents included and not the size of your business (a small firm may require the full toolkit if processing large or high-risk data; whereas a larger company may only need basic GDPR policies if adding to an existing program.)

Whats included

A face to face or telephone conversation with regards to aspects of your current data protection policies. We will then draw up all of these documents branded into your company name and industry and make sure you are afully GDPR compliant by the deadline.


Compare Our
GDPR Implementation

  • Telephone/Email Consultation
  • Face to Face Consultation
  • Register your business with ICO (Fees paid)
  • All policies branded sent direct to you
  • 21-Page GDPR Implementation Project Plan
  • Basic GDPR Guidance Document
  • Data Protection Policy & Procedure
  • Data Retention & Erasure Policy
  • Data Breach Policy & Incident Form
  • International Data Transfer Procedure
  • Subject Access Request Procedures
  • Privacy Notice & Consent
  • Information Audit
  • Response Templates for Access Requests
  • DPO Responsibilities
  • Privacy Notice Register
  • Privacy Notice Register
  • Processing Activities Register
  • Processor Agreement & Notification
  • 140+ Question GDPR Compliance Checklist
  • Data Protection Impact Assessment (DPIA) Procedures
  • DPIA Excel Assessment
  • 2 Employee Test Papers & Answer Sheets
  • Information Security Policies & Procedures:
    • Information Security Policy
    • Remote Access & BYOD Policy
    • Asset Management Policy & IAR Template
    • Access Control & Password Policy
    • Clear Desk Policy
  • Complaint Handling Policy & Procedures
  • Complaint Form, Register & Response Letter
  • Risk Management Policy, Procedures & Register
  • Staff Training Policy & Record
  • Complaint Handling & Information Security Checklists
  • Outsourcing Policy & Procedures
  • Due Diligence Questionnaire
  • Internal Audit Policy & Procedures
  • Business Continuity Plan
  • Meeting Agenda & Minutes


£595One Time
£595One Time


£995One Time
£995One Time


£1495One Time
£1495One Time