GDPR and Data Protection Act 2018 Consultancy

GDPR and Data Protection Act 2018 compliance 

The GDPR has transformed how personal data is collected, shared and used globally. To ensure GDPR and Data Protection Act (DPA) 2018 compliance, organisations will need to make changes to policies, processes and contracts, as well as in technical and organisational measures. In some instances, those changes could be complex and significant.

How we can help you become GDPR and DPA compliant

Our team of experienced data protection experts can help your organisation with a variety of best-practice solutions, from evaluating your GDPR & DPA 2018 compliance position and developing a remediation roadmap, through to implementing a best-fit data protection compliance framework. Whether you are an SME or a multinational, we can tailor our GDPR services to your particular needs. Speak to one of our experts for more information or to get a tailored quote.

GDPR & DPA 2018 consultancy services

Discover our bestselling GDPR and DPA consultancy services and solutions that will help to address the common problems you face. 

GDPR/DPA gap analysis

GDPR and DPA Gap Analysis Services

Your challenge

You’re uncertain how far your organisation complies with the GDPR/DPA 2018, or you're struggling to determine where to start with your compliance project.

The solution

Get a detailed assessment showing your organisation’s current compliance position, and a remediation plan to address the gaps and risks, with our GDPR/DPA gap analysis service.

GDPR/DPA data flow audit

GDPR and DPA data flow audit service

Your challenge

You’re not sure what personal data you hold or where it resides.

The solution

A data flow audit pinpoints all of the locations where personal data is being hosted, both within and outside your organisation, and where that data flows to and from. This service will provide you with an inventory of the personal data held and shared by your organisation. Our consultants will provide you with a detailed data flow map of your processes.

Privacy as a Service

Your challenge

Your privacy compliance needs are complex and you don’t have the in-house expertise to keep abreast of all your regulatory obligations.

The solution

Covering all elements of data protection, Privacy as a Service (PaaS) will provide you with a flexible, holistic solution to data protection under one easy-to-manage contract. This complete solution is delivered by our sister company GRCI Law, whose experienced lawyers, barristers, DPOs and cyber security experts support your data privacy needs and provide the assurance you need to meet your GDPR and DPA 2018 compliance requirements.

DSAR as a Service

Your challenge

You don’t have the time or internal expertise to deal with DSARs (data subject access requests).

The solution

This annual service enables you to outsource your DSAR needs to a team with extensive experience dealing with such requests. The solution is delivered by our sister company GRCI Law, drawing on experienced lawyers, barristers, DPOs and cyber security experts.

Data protection impact assessment (DPIA)

GDPR DPIA service

Your challenge

You don’t know the data protection risks of introducing a new system or process.

The solution

Get an assessment of the data protection risks associated with your new process and a remediation plan to mitigate those risks. A GDPR consultant will conduct a one-day on-site assessment of the data protection risks present for a new or existing single data processing operation within your organisation.

GDPR/DPA contract and legal services

GDPR and DPA legal services

Your challenge

You’re unsure whether your policies and agreements are GDPR/DPA conformant.

The solution

Get expert legal advice and support in reviewing and updating privacy notices, policies, supplier contracts and international data transfer agreements.

Breach Management as a Service

Breach Management as a Service

Your challenge

You’ve had a data security incident – how do you respond in a timely and appropriate manner?

The solution

Get on-call assistance in meeting the DPA and GDPR’s 72-hour data breach notification requirements in a structured and compliant manner.

DPO as a Service

GDPR DPO as a Service

Your challenge

Sourcing the appropriate individuals to fulfil the DPO role is costly and difficult.

The solution

Get supported by a qualified DPO team who will serve as your independent data protection expert as set out in the DPA 2018 and GDPR.

EU Representative

GDPR EU Representative Service

Your challenge

You need to appoint an independent representative in the EU to help you deal with GDPR requests.

The solution

Our EU representative service enables organisations outside the EU that fall within the scope of the GDPR to meet their obligations under Article 27.  

In-house GDPR and DPA 2018 training and staff awareness

In-house GDPR and DPA training & staff awareness

Your challenge

You need to make sure that staff and management understand their responsibilities under the DPA 2018 and GDPR.

The solution

In addition to our certified GDPR/DPA training courses, we deliver awareness sessions specifically tailored to your organisation’s requirements.

Bespoke GDPR and DPA 2018 consultancy

Bespoke GDPR and DPA consultancy

Your challenge

You’re not sure what guidance to follow to ensure you achieve compliance with the range of current and emerging privacy regulations.

The solution

IT Governance can develop a bespoke solution that will help you maintain ongoing compliance with data privacy laws, drawing on international frameworks and best practice from ISO/IEC 27001:2013, ISO/IEC 27701:2019 or BS 10012.


ISO 27001

ISO 27001 consultancy

ISO 27001 sets out the requirements for an ISMS (information security management system), a risk-based approach that encompasses people, processes and technology. Developing an ISMS that conforms to the international standard on information security, ISO 27001, means you will meet the technical and organisational requirements of the GDPR and DPA 2018.


ISO 27701

ISO 27701 consultancy

ISO 27701 is a privacy extension to ISO 27001 and specifies the requirements for developing a privacy information management system (PIMS). ISO 27701 is based on the requirements and controls of ISO 27001, and includes a set of privacy-specific requirements, controls and control objectives.


BS 10012

BS 10012 consultancy

BS 10012 is a British standard that outlines the specifications for a PIMS. The framework has been developed to help organisations comply with the data protection requirements imposed by laws such as the EU’s GDPR (General Data Protection Regulation).

Why choose IT Governance?

  • We have an in-depth understanding of the GDPR and DPA 2018 requirements and how they should be met.
  • We are specialists in the fields of data protection and cyber security risk, which means that our solutions include guidance on avoiding data breaches through cyber attacks and other data privacy risks.
  • Our transparent proposals have fixed prices, so you won’t get any unexpected surprises.
  • We’re independent of vendors and certification bodies, and encourage our clients to select the best fit for their needs and objectives.
  • We can supply best-practice solutions for GDPR compliance, from understanding your position and developing a remediation roadmap through to implementing a data protection solution that suits your business objectives and budget.
  • Our one-stop-shop provides the broadest range of data privacy solutions in the UK, from documentation toolkits to books, e-learning courses, classroom training courses and software.
  • You will have access to a dedicated account manager throughout the project.