The first conversation is always free and without obligation. Tell us about your situation and we’ll advise on the best next step.
Based in the East Midlands, serving clients across the UK. Most services delivered remotely, with in-person meetings available by arrangement.
We aim to respond within one working day. For urgent matters — particularly breaches or ICO correspondence — call directly and we’ll prioritise accordingly.
Under Article 37 of the UK GDPR, a DPO is mandatory if your core activities involve regular and systematic monitoring of individuals on a large scale, or the large-scale processing of special category data. Even where not strictly required, the ICO strongly recommends appointing someone responsible for data protection. An outsourced DPO is the most cost-effective way to meet this expectation.
You get a named DPO registered with the ICO as your contact point. They attend structured governance meetings, provide ad-hoc advice, manage DSARs and breach incidents, deliver training, monitor regulatory changes, and maintain your compliance evidence base. The relationship is ongoing and embedded — your DPO develops deep knowledge of your organisation over time.
Retainer fees depend on your organisation’s size, processing complexity, sector risk profile, and the tier of service you need. We’ll recommend the right arrangement after an initial conversation and provide a clear, fixed monthly quote. Out-of-scope work is always quoted separately.
The Health Check is a one-off assessment: it tells you where you stand and what needs to be done. The retained DPO is the ongoing relationship that does the work — managing compliance, handling incidents, advising on questions, and maintaining your posture over time. Many clients start with a Health Check and then move to a retainer to implement the recommendations.
If you process personal data — and almost all organisations do — you have obligations under the UK GDPR. The ICO’s enforcement actions show that penalties and reprimands are not reserved for large enterprises. Our Essentials tier is designed specifically for smaller organisations (10–25 employees) who need proportionate support without the overhead of a more intensive engagement.
As your retained DPO, we’re available for immediate escalation. We help assess the breach against the ICO’s notification threshold, determine whether the 72-hour obligation is triggered, prepare and submit the notification if required, advise on data subject communication, and conduct root-cause analysis. Retainer clients have an accelerated SLA for breach incidents.
The Data Use and Access Act introduces a mandatory complaint-handling process for all organisations by 19 June 2026. Our Health Check includes a specific readiness assessment, and our retained DPO service includes implementing the necessary procedures ahead of the deadline.