Compliance Without the Headache.

GDPR, SRA, FCA, and industry regulations made manageable. We help you understand what you actually need to do, then help you do it. Plain English, practical advice.

Compliance without the confusion

GDPR, industry regulations, data protection requirements. You know you need to comply, but working out exactly what that means for your business can be overwhelming. We help you cut through the jargon and actually get compliant.

🇪🇺 GDPR / UK GDPR

Data protection for all businesses

⚖️ SRA Standards

Solicitors Regulation Authority

💼 FCA Requirements

Financial Conduct Authority

📊 ICAEW / ACCA

Accountancy body requirements

What we help with

Practical compliance support for small businesses.

📋 Gap Analysis

We review what you’re currently doing against what you should be doing. Clear report on what’s working, what’s missing, and what needs fixing first.

📝 Policy Development

We write the policies you actually need. Data protection, acceptable use, information security. Written in plain English that your team will understand.

📊 Data Mapping

Work out what personal data you hold, where it lives, who has access, and how long you keep it. Essential for GDPR compliance.

🔍 Audit Preparation

Get ready for regulatory audits or client due diligence. We help you gather evidence, fill gaps, and present your compliance clearly.

👥 Staff Training

Train your team on their data protection responsibilities. What they can and can’t do with personal data. How to spot and report issues.

🚨 Breach Response

Prepare for data breaches before they happen. Know what to do, who to notify, and how to document everything properly.

GDPR: What it actually means for you

GDPR applies to every business that handles personal data. That’s names, email addresses, phone numbers, anything that identifies a person. The rules aren’t complicated, but there’s a lot to get right.

Key GDPR requirements:

  • Know what personal data you hold and why
  • Have a lawful basis for processing it
  • Keep it secure and only for as long as needed
  • Tell people what you’re doing with their data
  • Respond to subject access requests within a month
  • Report serious breaches within 72 hours

What happens if you get it wrong

  • Fines up to £17.5 million or 4% of turnover
  • Enforcement notices from the ICO
  • Reputational damage and lost business
  • Compensation claims from affected individuals
  • Professional body sanctions (for regulated firms)

The good news

The ICO wants to help businesses get it right, not catch them out. For small businesses doing their best to comply, enforcement is rare. What matters is showing you’ve made reasonable efforts and have proper processes in place.

Industry-specific compliance

Different industries have different requirements. We help you meet yours.

⚖️ Law Firms (SRA)

The SRA requires firms to have effective systems and controls for information security. Client confidentiality isn’t just ethical, it’s regulatory.

  • Information security policies
  • Client data protection measures
  • Breach notification procedures
  • Staff training and awareness

📊 Accountants (ICAEW/ACCA)

Professional body requirements around confidentiality, data handling, and client money. Plus increasing demands from clients for security assurance.

  • Client confidentiality controls
  • Secure document handling
  • Anti-money laundering systems
  • Practice management security

💼 Financial Services (FCA)

FCA-regulated firms have specific requirements around operational resilience, data security, and third-party risk management.

  • Operational resilience requirements
  • Outsourcing and third-party controls
  • Cyber security expectations
  • Incident reporting obligations

🏥 Healthcare

Patient data is special category data under GDPR. Healthcare providers have additional requirements around confidentiality and data sharing.

  • NHS Data Security Standards
  • Patient confidentiality
  • Secure clinical systems
  • Data sharing agreements

Questions people ask

Straight answers about compliance and regulations.

Do I need to register with the ICO?

Probably, if you process personal data. Most businesses do. Registration costs £40-60 per year for small organisations. There are some exemptions, but most businesses handling customer or employee data need to register. We can check whether you need to and help you register if so.

Do I need a Data Protection Officer?

Most small businesses don’t need a formal DPO. You only legally need one if you’re a public authority, do large-scale monitoring of individuals, or process special category data on a large scale. But you do need someone responsible for data protection. We can help you work out what’s appropriate for your size.

What policies do we actually need?

At minimum: a privacy policy (for your website and customers), a data protection policy (internal), and an information security policy. Depending on your industry, you might also need acceptable use policies, data retention schedules, and subject access request procedures. We’ll tell you exactly what you need.

How long does compliance take to sort out?

It depends where you’re starting from. A basic GDPR compliance project for a small business might take 4-8 weeks. Getting policies in place, mapping your data, fixing obvious gaps. It’s not a one-off project though. Compliance needs ongoing attention. We can help you build sustainable processes.

We had a data breach. What do we do?

Don’t panic, but act quickly. Contain the breach, assess what data was affected, and document everything. You have 72 hours to report serious breaches to the ICO. Not all breaches need reporting, but you need to make that decision quickly. If you’re not sure, call us. We can help you assess and respond.

Our clients are asking about our security. How do we respond?

This is increasingly common. Larger clients want assurance that their suppliers have proper security. We can help you complete security questionnaires, put together evidence packs, and get certifications like Cyber Essentials if that would help. Sometimes having clear documentation is all you need.

Need help with compliance?

Let’s talk about your regulatory requirements and work out what you actually need to do. Plain English, practical advice.

Book a Compliance Review

Or just email us: [email protected] – we usually reply within a day.