Data protection is all I do. It’s not a side offering within a broader IT or legal practice — it’s the entire focus.
I founded Clever Class Consulting to bring specialist data protection expertise to the organisations that need it most — small and medium enterprises that face real compliance obligations but don’t have the scale to justify a full-time DPO.
Before starting this consultancy, I spent eight years working in data protection within UK banking. That experience gave me a grounding in the practical realities of compliance that no textbook or certification alone can provide: managing high-volume subject access requests across complex legacy systems, navigating dual reporting obligations to the ICO and the FCA, implementing international data transfer mechanisms across group entities, and leading breach response from initial detection through to regulatory notification and remediation.
I’ve handled the situations that keep compliance professionals awake at night — and I bring that experience to every client I work with.
You work with me directly — not a rotating pool of consultants. I learn your business, your data flows, your systems, and your risk profile over time.
Everything I deliver is structured around the ICO’s Accountability Framework — the standard the regulator uses to assess compliance maturity.
I’ve implemented data protection in large, complex organisations where pragmatism matters. My advice works in the real world.
Structured governance, ongoing monitoring, regulatory change tracking, and a compliance evidence base that builds over time.
Your policies, procedures, and reports are written in clear English for the people who actually use them — not in regulatory jargon.
From day one, every deliverable is filed, version-controlled, and stored in a structured compliance library. If the ICO comes knocking, we’re ready.
Banking is one of the most data-intensive and heavily regulated sectors in the UK. The data protection function sits at the intersection of the ICO, the FCA, the PRA, and internal audit — with every decision subject to scrutiny from multiple regulators.
The competencies I developed — and now bring to SME clients — include managing DSARs at scale, coordinating breach response with parallel regulatory reporting, implementing the UK IDTA across international group structures, and building compliance programmes that satisfy both internal audit and external regulatory examination.
An SME engaging a DPO with enterprise-level banking experience gets two things that most SME-focused consultancies cannot offer. First, exposure to the hardest compliance problems: if you’ve managed international data transfers across a global banking group, advising a technology company on a single cloud-hosting arrangement is a matter of applying familiar principles at a simpler scale.
Second, a compliance standard calibrated to regulatory expectations: I know what the ICO looks for because I’ve been through the process — not theoretically, but in practice. This doesn’t mean I over-engineer compliance for SMEs. It means I know where the real risks lie and where pragmatic, proportionate measures are sufficient.
The first conversation is always free and without obligation. I’ll listen, answer your questions, and advise on the best next step.
Book a Free Consultation