data protection gdpr

Ensure your organisation is GDPR compliant, regardless of size, location or sector. Get expert assistance with the implementation and maintenance of your compliance activities.

What is GDPR consultancy?

The General Data Protection Regulation (GDPR) was introduced in the UK with the Data Protection Act 2018, and changes the way businesses use, store, and manage personal data.

GDPR consultancy is a professional assessment of your organisation’s level of compliance, with advice from experienced information security professionals. We advise on how best to ensure you’re not only meeting the Regulation now but will continue to comply in the future. Ultimately, this service helps your business to remain compliant with the complexities of the Data Protection Act 2018, reducing the chance of a data breach.

Why do I still need a GDPR consultant?

Compliance with the GDPR isn’t a one-time task; when it comes to data protection, ongoing compliance is just as significant as the initial work you put in.

If you do not place importance on ensuring that data protection processes and policies are followed, over time they become diluted and forgotten, ultimately placing the organisation in a non-compliant position. Should there be a breach while your organisation is not compliant, fines are likely to be significantly higher, which can affect both your bottom line and your reputation.

Why does my organisation need to comply with the GDPR?

  • If you collect any personal information you must adhere to GDPR

    Research suggests that almost all UK businesses will collect personal information, ranging from personal email addresses to customer medical information.

  • You must know how to comply with legislation and remain compliant

    It is a legal requirement that personal data is stored securely and only used with permission. Failure to do so may result in both the reputational and the financial penalties associated with non-compliance with the Data Protection Act 2018.

  • You can mitigate the risks of a data breach, and maintain your reputation

    It’s not just about keeping your business safe. GDPR consultancy also helps you to maintain a strong reputation within your industry by demonstrating legal compliance, as well as by showing an ongoing commitment to protecting the privacy of your clients, customers, your employees, and your stakeholders.

  • Does my organisation store and collect personal data?

    Personal data can fall into two categories, ‘Personal Data’ and ‘Special Category Data’ (sometimes known as ‘sensitive personal data’):


    Personal Data is any information that can be used to directly identify an individual, or information that can be used to identify an individual in combination with other information. Examples include name and surname, personal email address and an individual’s National Insurance number.


    Special Category Data is considered to be more sensitive and more likely to cause harm to the individual, and therefore can only be processed in more limited and tightly controlled circumstances. Examples include information about an individual’s sexuality, their political opinions, race and ethnicity, medical history and biometrics.


    If the data you store sounds like any of these, you must adhere to the Data Protection Act 2018 and the GDPR.

You complied with the GDPR in 2018, right?

Data protection is not 'set and forget'. If you would like to check how secure you are, contact us today to discuss how we can help you get into tip-top shape.

I need to review my GDPR compliance

Consultancy options

At PGI, we understand that every organisation will be at a different stage of compliance with the Data Protection Act 2018/GDPR, so our information assurance team can offer assistance in four key areas:

  • Scope of processing

    To ensure that your organisation is operating in compliance with the Data Protection Act 2018 and the GDPR, you must first understand what personal data your business processes.

    We will help you to establish, document and justify the personal data processing activities that are performed by your organisation.

    Our consultants are equipped with a practical understanding of data protection legislation and its application. This means that PGI can provide reassurance that your processing activities are lawful, justified and appropriately documented.

  • GDPR gap analysis

    Once you know what data you hold and how it is processed, a gap analysis will inform where there are shortfalls in compliance and where efforts must be concentrated to meet the requirements of the legislation.

    The gap analysis provides a view of where effort needs to be concentrated to ensure compliance, and which actions should be performed first. This can facilitate effective project planning, resource forecasting and budgeting.

    PGI consultants’ expertise in data protection legislation allows them to accurately assess your organisation’s current levels of compliance and provide pragmatic recommendations.

    With the help of PGI’s consultants, a gap analysis can be performed more efficiently and effectively than by internal staff, who are likely to hold other responsibilities, and may not be as familiar with the requirements of the Data Protection Act and the GDPR.

  • Implementation

    This stage focuses on implementing control measures to ensure compliance with relevant data protection legislation. With PGI’s support, your organisation can be assured that these control measures are pragmatic and provide the appropriate levels of assurance.

    As an example, PGI consultants can apply their expertise to develop data protection related policies, procedures and privacy notices, build registers of processing activities, and perform Data Protection Impact Assessments (DPIAs).

    Engaging with PGI allows an independent and unbiased view of the suitability of the controls being implemented.

  • Continuous support

    Continuous improvement is all about maintaining your compliance with the Data Protection Act 2018 or the GDPR. Our consultants provide ongoing support, such as advising on how to improve security controls and reviewing any business changes and their impact on your compliance obligations.

    PGI’s expertise and experience can help you devise an effective continuous improvement programme that is appropriate for your organisation. PGI consultants provide you with specialist knowledge and resource capacity, enabling your workforce to concentrate on core operations.

  • Virtual Data Protection Officer

    If you carry out certain types of data processing or your organisation is a public authority, you must appoint a Data Protection Officer (DPO) under the GDPR/DPA (2018).

    Even if your organisation is not legally required to have a DPO because it doesn’t meet the threshold criteria, you must ensure that your organisation has appropriately designated staff to coordinate and manage activities, and sufficient resources to discharge your obligations under the UK GDPR. The voluntary appointment of a DPO will also demonstrate your organisation’s level of compliance, which will give your customers and employees peace of mind.

Why choose PGI?

The PGI team are passionate about data security and have closely followed the changes that took place as the Data Protection Act was transformed by GDPR.

We have successfully supported many businesses, large and small, to identify weak areas in their data processes and find pragmatic, cost effective solutions to ensure they are adequately minimising the risk of data loss and misuse of information.

We offer a tailored approach: Not every business is the same, so we don’t attempt to approach every project in the same way. We get to know your organisation, so we can provide appropriate advice.

We provide practical and affordable solutions: We believe that compliance and security measures should be proportionate to a client’s needs, not a blanket approach.

We have cross-sector experience: PGI are made up of personnel with backgrounds in security, law enforcement, intelligence, the military and academia and have implemented information security measures across a wide range of industries.

We only give vendor-neutral advice: PGI are vendor-neutral, so we will always act in your best interests when assessing your risks and offering a solution.

Want to find out more?

Contact Us:

t: +44 20 4566 6600