GDPR & Data Privacy

GDPR Consulting

What is GDPR?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). Today, the EU definition of “personal data” is set out in the Data Protection Directive 95/46/EC. It defines personal data as “any information relating to an identified or identifiable natural person”

What does GDPR mean?

GDPR is different from the Data Protection Directive (DPD) or British Data Protection Act 1998. In that it does the following new actions:

Our Methodology

Data Mapping

risk management experts will take you through a Data Mapping Exercise to identify, classify and discover the data in your organisation, providing pragmatic consultancy as they assess your data risk.



Cyber-attacks and the resulting data breaches are an ever increasing risk, leading to the exposure of company, customer and employee sensitive data. Regulatory controls are geared towards regulation as opposed to risk based assessments, and failure to comply can result in high financial penalties.

Many organisations do not have the means or methods to identify and locate all of the data they hold to assess.

A Data Mapping Exercise presents a perfect opportunity for organisations to understand what and where their key data assets are and enables them to take a practical approach to prioritising remediation.

Phased Approach

Our Data Mapping Exercise consists of four phases:


This phase helps to define and understand the data types you hold within your organisation. Through a series of interviews and questionnaires with key staff we will identify its location, which business processes handle or store sensitive data and the data types in use.


This phase determines how sensitive the data is based upon the damage that would be caused due to a breach of its confidentiality, integrity and availability. The result of this phase will be a measurement of the data’s sensitivity rating, enabling the organisation to classify its data and define its protection requirements.


We will work together to discover where your data is stored and confirm who receives and processes it.


Once the other phases are complete, we will provide you with a data inventory matrix showing your data categories, location and sensitivity.

Key Questions

A Data Mapping Exercise project would be a suitable course of action if you are unable to answer any of the key questions below:

Our Experience

Having helped several people and organisations with GDPR we are highly experienced in giving the correct advice. GDPR is not a simple tick-the-box compliance exercise, and such advice and actions from other consultancies can be damaging! With more and more breaches announced in the media everyday GDPR has become critical in defending your customers privacy and personal data.

GDPR is more defence in-depth, or defensive design, to ensure that you have thought about data security and privacy pro-actively and incorporated security into the design and implementation of all your business processes. Our processes and documentation go beyond GDPR for dummies, as we give you specific helpful advice, and taylor your business requirements to become inline with GDPR policy.