Services
Virtual Data Protection Officer (vDPO)
I act as your external DPO, handling all UK GDPR compliance requirements without the cost of a full-time hire. This includes maintaining your Article 30 records, managing data subject requests, advising on processing activities, and being your first point of contact with the ICO. You get practical, no-nonsense data protection support that actually fits how your business operates.
Information Security Management
I'll help you build and maintain an information security program that makes sense for your business. This covers risk assessments, security policies, incident response planning, and supplier management. Whether you're working toward ISO 27001 or just need to demonstrate proper security controls to clients, I'll get you there without the enterprise-level complexity you don't need.
Compliance Health Checks
A thorough review of where you stand with UK GDPR and information security requirements. I'll identify gaps, prioritize risks, and give you a clear roadmap for getting compliant. This is particularly useful if you're facing client questionnaires, preparing for audits, or just want to know you're not exposed.
DPIA Support
When you're launching new systems, changing how you process data, or facing higher-risk processing activities, you need a Data Protection Impact Assessment. I'll guide you through the process, help you identify and mitigate risks, and document everything properly so you can demonstrate due diligence.
Policy & Documentation Development
I'll create the policies, procedures, and records you actually need - written in plain English that your team will understand and use. This includes privacy notices, data processing agreements, retention schedules, and all the Article 30 documentation the ICO expects to see.
Incident Response & Breach Management
If something goes wrong, you need to act fast and get it right. I'll help you manage data breaches from initial assessment through ICO notification if required, including documenting your response and implementing lessons learned.
Supplier & Third-Party Risk Management
I'll help you get a handle on the data protection and security risks in your supply chain. This means reviewing DPAs with your software vendors, assessing processor compliance, and making sure you're not exposed when third parties handle your data. Particularly important for recruitment agencies dealing with multiple job boards, CRM systems, and background check providers.
Training & Awareness Programs
Practical training sessions for your team on data protection and information security - delivered in a way people actually remember. I focus on real scenarios your staff encounter rather than generic compliance lectures. Can be done as workshops, lunch-and-learns, or online modules depending on what works for your business.
ICO Correspondence & Regulatory Liaison
If the ICO gets in touch or you need to engage with them proactively, I'll handle the communication and make sure you're presenting your position properly. This includes responding to complaints, managing assessment notices, and dealing with any regulatory inquiries.
Records of Processing Activities (Article 30)
Building and maintaining your ROPA - the cornerstone document the ICO will ask for. I'll map your data flows, document your processing activities, and keep this updated as your business changes. Most businesses either don't have this or have a version that's completely out of date.
Data Retention & Disposal Programs
Setting up proper retention schedules and disposal processes so you're not keeping data longer than you need to. This reduces your risk exposure and demonstrates you take data minimization seriously. Includes both digital and physical records management.
Client Compliance Questionnaire Support
When your clients send you those lengthy security and data protection questionnaires (DDQs, vendor assessments, etc.), I can help you complete them accurately and position your compliance maturity properly. This often makes the difference in winning or keeping contracts.
ISO 27001 Implementation Support
If you need ISO 27001 certification or want to build toward it, I'll help you implement the management system, prepare documentation, and get you audit-ready. Particularly relevant if you're in professional services where clients increasingly expect this certification.
Compliance & Transformation Project Management
I'll manage your compliance, security, or operational transformation projects from start to finish. This is particularly valuable when you're implementing new systems, going through certification processes (ISO 27001, Cyber Essentials), restructuring data flows, or dealing with post-acquisition integration. I use PRINCE2 methodology but keep it practical - you get proper project governance, clear milestones, and realistic timelines without drowning in unnecessary documentation. Having someone who understands both the technical compliance requirements and how to actually deliver projects means things get done rather than stalling in endless planning.
Business Transformation & Project Management
Beyond compliance, I take on transformation and change management projects across operations, systems implementation, and process improvement. With PRINCE2 Practitioner certification and 16 years delivering operational change in manufacturing and FMCG environments, I can run projects where you need structured delivery but don't need a permanent PM. This works particularly well for medium-term initiatives - system rollouts, operational restructures, efficiency programs - where bringing in external project leadership makes more sense than pulling your own people off day-to-day work.
Cyber Essentials Preparation
If you need Cyber Essentials or Cyber Essentials Plus certification (increasingly required for public sector contracts and larger clients), I'll prepare you for the assessment and help you remediate any gaps.
Business Continuity & Disaster Recovery Planning
Helping you plan for and document how you'd respond to major incidents - cyber attacks, system failures, data loss. This ties into both information security and operational resilience, and larger clients often ask to see these plans.
