Data Protection

Get Compliant. Stay Compliant.

Data Protection Services

GDPR and Data Protection Consultants in Greater Manchester, Yorkshire and the UK

The introduction of the EU General Data Protection Regulation 2018 (GDPR) on May 25th, 2018 and the subsequent Data Protection Act 2018 (DPA18) brought about the biggest and most significant change regarding data privacy in the last 20 years. It regulates the retention and protection of personal data that can be used to identify an individual, such as name, address, mobile number, IP address and special category data such as gender and biometrics.

Our data protection consultants can help to ensure that your business has processes in place that are compliant with the new data protection regulations. Data privacy is fully enforced by the Information Commissioners Office (ICO) with hefty fines of up to 20 million euros or 4% of the company’s worldwide turnover, whichever is the greatest, for organisations that fail to comply with the regulations.

At CDS we provide a wide range of data protection services for organisations in Greater Manchester, Yorkshire and throughout the whole of the UK. With specialist in-house GDPR consultants we can help to ensure your business meets the minimum GDPR compliance standards. No matter the size of your business we have devised a suite of solutions to help you become legally compliant.

Data protection affects all businesses, regardless of size and industry, at CDS our data protection consultants have the expertise to put in place a robust data protection policy and framework for your business. Starting off with a data protection audit we will carry out a GDPR gap analysis to help identify areas of non-compliance within your business. Following the data protection audit we’ll provide you with a detailed action plan and roadmap to achieve GDPR/DPA18 compliance.

While we are based in Rochdale in Greater Manchester, our data protection consultants provide a full range of data protection services throughout the whole of the UK. From outsourced data protection officer and Data Subject Access Request (DSAR) support to training and awareness for your employees, at CDS we are experts in GDPR and data protection.

Our range of services are designed to assist your organisation in becoming compliant with the new regulations and more importantly, staying compliant. Regardless of where you are on your journey to compliance, we have a solution to suit you.


Our Clients

Data Protection Services

  • If you are at the initial stages of planning your journey to GDPR / DPA 2018 compliance, a Gap Analysis is an ideal place to start. Our Gap Analysis is a brilliant initial audit to assess your current situation in terms of compliance and identify areas of non-compliance in relation to the current applicable laws including GDPR & DPA18. This can then form the basis of your roadmap to GDPR / DPA 2018 compliance.
  • Getting to GDPR / DPA 2018 compliance is great, but all organisations must make an active effort to ensure they stay compliant. Therefore, CDS recommend an annual compliance audit. This a great tool to review the progress you have made and make sure any gaps previously plugged have not opened up again. Many businesses are always growing and changing, so our annual compliance audit allows you to ensure any necessary tweaks and changes your current GDPR / DPA 2018 policies, procedures etc. to ensure compliance is maintained. An annual compliance audit is also a very effective way of GDPR / DPA 2018 awareness within your organisation does not fade over time.

Key Differentiators

  • Completely bespoke programme and schedule of work through consultative scoping
  • Thorough audit on site with a comprehensive review of policies and procedures. CDS will then deliver a tailor-made action plan to outline your roadmap towards compliance, crating a bespoke report of work outlining our findings.
  • Very quick turnaround, get your report within 7 days of the site visit.
  • A low cost/ High impact first step toward GDPR/DPA18 compliance.
  • Minimal disruption to BAU.

Once CDS have carried out a gap analysis and provided a report listing all recommendations with a priority rating against each one, you will have a clear roadmap to GDPR / DPA 2018 compliance. Your can either implement these recommendations yourself or enlist our qualified practitioners to help implement and improve the areas of concern. Our qualified practitioners can take ownership of all or part of the GDPR / DPA 2018 compliance plan and make sure that this has been implemented across the business.

Key Differentiators

  • All remediation consultancy is carried out by our fully qualified practitioners and consultants with over 10 years of industry experience.
  • Through our transparent and consultative approach, we can mentor incumbent DP resource on areas of compliance as part of the service.
  • CDS can be involved as much or as little as your require, with the ability to take complete ownership of a project and see it through to completion.

CDS provide a business hours Support Desk for any data protection related support and guidance, this includes any queries in relation to GDPR and DPA 2018. Any queries, questions or complaints you receive can be dealt by our senior team of practitioners who will resolve and come back to you with follow up actions and a resolution.

There are many ways in which our Support Desk can assist you, including:

  • Ad-hoc data protection related queries (DPA 2018 and GDPR)
  • Breach Management Support
  • Data Privacy Impact Assessments (DPIA’s)
  • Staff Training & Awareness
  • Risk Register Analysis
  • Breach Management Support
  • Help dealing with a DSAR (Data Subject Access Request) or FOIA (Freedom Of Information Act) request
  • Policy Writing

Key Differentiators:

  • Business hours support desk
  • Fully qualified professionals with considerable industry and legal experience
  • Our support desk can assist you in carrying out some activities relating to GDPR/DPA18 compliance, remotely. This can increase flexibility and reduce the additional costs of having a consultant on-site.

A Data Subject Access Request is made by individuals who want to obtain details personal data an organisation holds about them. An individual can submit a DSAR either verbally or in writing. An individual does not have to submit a request to any particular person or department, they can submit a DSAR to any part of an organisation. Once received, you must respond to the DSAR within 30 days.

CDS offer a range of services to help make the process receiving and responding to DSAR’s as stress free as possible.

  • CDS can help prepare your organisation by creating all the required policies and procedures relating to responding to a DSAR
  • Having policies and procedures in place is great but not very effective unless everyone in the organisation is familiar with them. CDS can help embed these policies and procedures into the organisation through training and awareness sessions. Reduce any unnecessary delay by ensuring everyone in your organisation knows what to do in the event of receiving a DSAR.
  • CDS can also help you respond to a DSAR if you require additional support, this can range from offering remote support and guidance all the way to attending site and responding to the DSAR for you.

Key Differentiators

  • Complete end to end solution
  • Fully qualified professionals with considerable industry and legal experience
  • Remote and on-site support provided

Whether it’s a mandatory or voluntary appointment, our DPO service is designed to satisfy an organisations legal responsibility to designate a Data Protection Officer. A Data Protection Officer is responsible for overseeing an organisation’s data protection strategy and implementation. They must ensure that an organisation is complying with the GDPR’s requirements. According to GDPR Article 39, a Data Protection Officer’s responsibilities include:

  • Training organisation employees on GDPR compliance requirements
  • Conducting regular assessments and audits to ensure GDPR compliance
  • Serving as the point of contact between the company and the relevant supervisory authority (Information Commissioners Office)
  • Maintaining records of all data processing activities conducted by the company
  • Responding to data subjects to inform them about how their personal data is being used and what measures the company has put in place to protect their data
  • Ensuring that data subjects’ requests to see copies of their personal data, or to have their personal data erased, are fulfilled or responded to, as necessary.

Key Differentiators:

  • CDS provide fully qualified & highly experienced DPO’s
  • Hands-on support. CDS do not fulfil a strictly advisory role like most outsourced models, we take ownership of creating and implementing GDPR/DPA18 strategy in order to help you achieve compliance.
  • Low cost and bespoke outsourced DPO contracts dependent on industry, data volume and sensitivity and size of organisation

The ICO (Information Commissioners Office) state that all breaches must be reported to the ICO within 72 hours of a breach being identified. This can be daunting for many organisations, especially for those that have not prepared for this eventuality in advance.

CDS can help you better prepare as an organisation when it comes to dealing with a breach. We can also help deal with a breach when it happens.

In order to prepare for a breach, CDS can help your organisation put all relevant policies, procedures and reporting tools in place. We can then provide training across your organisation. Training is a necessary part of breach readiness as it enables all staff to better identify and report any breach as soon as possible.

In the event of a breach, we can assist you to collate all the information needed by the ICO and report it within the 72-hour deadline. As soon as a breach occurs, you can call our business hours Support Desk. One of our fully qualified consultants will then guide you through the process and assist you in identifying whether the breach is reportable. If the report is indeed reportable, we will help you to do this as well.

Key Differentiators

  • Immediate response and take-up on breaches
  • Independently assess and consult on next steps
  • Implement remediation steps to mitigate repeat breaches occurring
  • Complete end to end solution
  • Fully qualified professionals with considerable industry and legal experience
  • Remote and on-site support provided

CDS offer bespoke fully managed on-going annual support services. This allows your organisation to work towards and maintain compliance whilst controlling budgets and resources. Essentially, we become an extension of your compliance team or in some cases, we become your compliance team.

As well as taking care of any remediation action necessary based on the findings of the gap analysis, CDS can undertake ad-hoc consulting briefs and take ownership of implementing and delivering compliance projects.

All bespoke support service agreements include access to a business hours helpdesk and a fully qualified on-site consultant. In order to provide costings for this service, CDS would agree with you how often you would like your on-site consultant to visit and how much remote support desk assistance you would require. Using this information, CDS can provide you with an annual cost for the service.

Key Differentiators

  • Tailored / bespoke contracts to meet your exact requirements
  • Low cost and effective data protection support partner
  • Full spectrum support for all GDPR and DPA 18 compliance requirements
  • Fully qualified professionals with considerable industry and legal experience
  • Remote and on-site support provided

Training is a large part of compliance. Creating policies, procedure and registers alone will not equate to GDPR/DPA 2018 compliance. Organisations must then ensure that these policies, procedures, registers etc. are embedded and followed throughout the entire organisation. Regular training is the best way to make this happen.

CDS provide on-site training solutions bespoke to your organisation. Rather than generic training sessions, we use your policies and procedure etc. to tailor our training sessions to your organisation.

Key Differentiators

  • Fully qualified and experienced trainers
  • Bespoke training solutions
  • Classroom based training
  • Interactive training sessions

Your organisation may be compliant but how about your supply chain. You have a responsibility to make sure your supply chain is taking compliance as seriously as you are.

CDS can help you carry out your due diligence through questionnaires and audits.

Key Differentiators

  • Fully qualified professionals with considerable industry and legal experience
  • Remote and on-site support provided

Since the General Data Protection Regulation (GDPR) was enforced in the UK on 25th May 2018, many UK based small businesses remain unaware of their legal obligations and the possible consequences of non-compliance.

When it comes to data protection, research suggests smaller businesses are less prepared. Small businesses simply don’t have the time or resources to dedicate to bringing their systems up to GDPR compliance standards.

Whether you have 1 or 100 members of staff – every UK business is accountable for the handling of personal information, which includes data protection policies, data protection impact assessments and having relevant documents on how data is processed. Regardless of type and size, this applies to your business.

The reality is small businesses process just as much information as large companies. Under the accountability principle, the data controller (you) are responsible for demonstrating GDPR compliance. This means if you are a small business owner, you are responsible for demonstrating GDPR compliance. It’s an administrative nightmare with fears compounded with the possibility of large fines, warnings, reprimands and corrective orders.

Compliance Direct Solutions is an independent consultancy firm aiming to make light work of GDPR compliance for small business owners, helping you to operate within the law.

CDS have devised a suite of solutions designed to help any micro business, small business, self-employed person or home-based business to become legally GDPR compliant.

Key Differentiators

  • Low cost, high value suite of solutions to suit any business regardless of size
  • Access to fully qualified professionals with considerable industry and legal experience
  • Remote and on-site support available