What we do


We work with organisations to implement data protection and privacy regulations.

Meeting data protection requirements can be a challenge, as it involves changes to organisational technology, processes and culture. It impacts all forms of personal data processing including HR, operational data and customer data.

We and our associates work with you to discover what data protection means for you, assess what changes you need to make, and how to act on those changes.


Learn about data protection and privacy with our highly interactive (dare we say fun?), out-of-the-box training, tailored workshops and occasional events.

Out of the box training

Introducing GDPR (1 hour)
How GDPR and PECR affect cookies  (1 hour)
GDPR for technologists (half day)
GDPR for data champions (half day)
Data protection by design (1 day or two half days)
How to run Data Protection Impact Assessments
 (half day)
SWOT workshop - exploring the pros & cons of new tech (half day)

Tailored workshops

Workshops and briefings tailored for your sector, technology or company brief, designed to solve challenges you face. Using relevant materials, case studies and activities they allow your team to apply their new knowledge quickly .


We run our own occasional events for you to meet peers, discuss shared issues and explore ideas.
The SWOT shop - a meet-up exploring new technologies, how they impact the world and all our lives, with focus on ethics, data protection and privacy. 


Understand your current approach to data protection and what changes you need to make.

Website assessment

An independent data protection assessment that can be understood by you or your developers, with clear priorities, risks and actions.
It includes:
- technical review (CMS, hosting, backups, cookies)
- visual review (forms, sign-ups, social sharing)
- privacy policy review (rights, transparency, missing information)
- security review (SSL, backup security, passwords)

GDPR assessment & plan

We spend time with you to understand your data processing in detail. You receive a compliance assessment based against ICO guidance, with clear risks, priorities and actions covering:
- lawfulness and transparency
- documentation
- individual rights handling
- accountability and governance
- security and data transfers

Data breach management assessment

Receive recommendations and an action plan for improving your data breach management processes.
- staff awareness and training
- alignment with regulations
- decision-making processes
- roles and responsibilities
- managing third-party relationships
- communications and record-keeping


Our solutions meet the needs of both established and new ventures.

Established ventures

Challenges you may have for your existing organisation, technologies, processes or products:
- Understanding the data protection issues within existing systems
- Embedding data protection and privacy practices into the organisation
- Identifying and mitigating risks in day-to-day processes
- Knowing what personal data is handled, where it goes and who accesses it
- Assessing how third-party suppliers handle and protect personal data
- Adapting existing technology to satisfy data protection regulations

Our solutions include: data mapping, documenting technical architecture, reviewing operational processes, reviewing supplier relationships, updating legal documents, training.

New ventures

Goals you may have for your new idea, start-up, technology, system or service:
- "Doing the right thing"
- Embedding data protection and privacy into development practices
- Using data protection to differentiate ourselves in the market
- Understanding the data protection considerations and risks with this idea
- Assessing third-party developers for their data protection standards
- Choosing technology to support data protection

Our solutions include: mentoring, participation in sprints, training, technical design workshops, Data Protection Impact Assessments, reviewing supplier relationships.