Our Services


The General Data Protection Regulation or GDPR enters into force on 25 May 2018 and will place significant legal responsibilities on organisations that collect, store or process personal data. The GDPR’s obligations primarily apply to data controllers. If your organisation makes the decisions as to how and why personal data is processed it likely acts as a data controller. If you have employees, for example, you are a controller in respect of the personal data you hold about them and as such GDPR will apply to you.

Once the GPDR becomes law, the majority of its provisions will immediately apply. Compliance with GDPR will be an ongoing process requiring regular monitoring of your processing activities and related policies and procedures. This means that organisations must not wait to implement changes after 25 May 2018. If you are found to be in breach of the obligations imposed by GDPR, your organisation could be exposed to monetary sanctions of up to €20,000,000 or 4% of global annual turnover.

What we do

The GDPR requires that data controllers to identify the personal data they hold and maintain records of their data processing activities. We will work with your organisation to develop a comprehensive understanding of the scope of the personal data used in connection with your business. This will include all areas of personal data and potential exposure to breaches under the new regulation.

Once the scope has been defined, we will then establish the policies and procedures necessary to meet regulatory demands. Such policies and procedures will include:-

  • Internal Privacy Policy

  • Customer and employee privacy statements

  • Data Retention Policy and Procedure

  • Subject Access Request Policy and Procedure

  • Retention Policy and Procedure

  • Breach Notification Policy and Procedure

Our team comprises Laura Graham and Elaine McGrath.

Contact us now to see how Laura and Elaine can assist you.

Related Publications