GDPR Critical Friend

GDPR expertise on tap

You may already have a data privacy compliance expert in-house, but what happens when they’re ill, on holiday, overwhelmed with work or urgently need a second opinion?
Our Critical Friend service will ensure you have the support you need, all year round. 

A friend for life

A subscription to our Critical Friend service will help you:

  • Identify, prioritise and address compliance weaknesses
  • Access expert advice which reduces risks and boosts compliance
  • Take decisive action in case of a cyber incident
  • Provide information to the Information Commissioner’s Office (ICO)
  • Keep abreast of legislative changes
  • Ensure colleagues understand their role
  • Hold colleagues to account
  • Reassure stakeholders

Unbiased, no-nonsense advice

Our GDPR Critical Friend service will provide you with realistic, practical guidance that’s tailored to your business’s needs. We’ll always tell you the truth, even when it’s something you don’t want to hear!

Understanding your business

In order to give you the best advice, your Critical Friend will need to develop a thorough understanding of your organisation and any risks to compliance. To ensure we provide the right advice from the very beginning, we’ll conduct a detailed onboarding review. During this, your Critical Friend will:

  • Give an overview of the GDPR
  • Advise staff of their obligations
  • Review your data policies
  • Assess your current compliance 

Shaping your compliance

After the review, your Critical Friend will compile a report showing your high-level compliance against eight key areas including governance, information security and processes. They will also provide a prioritised action plan to get you back on track.

Your report will enable you to answer critical questions, such as:

  • How compliant are we?
  • Do we know what data we are collecting, why it is being collected and how long it is being kept for?
  • Where are our greatest risks?
  • Is our data secure?
  • Are our staff suitably trained?
  • Do our suppliers treat data in the way we expect them to?
  • Would we know what to do in the event of a data breach?

FAQs

It takes two days, including the time taken to write up your report.

To ensure your report is accurate, your Critical Friend will need to speak to a number of people across your organisation including representatives from your leadership team as well as from your finance, procurement, HR and IT departments, amongst others!

It can, but it will require some careful planning as we’ll need to split the sessions into a series of separate interviews.

We’ll look at eight key areas:

  1. Accountability & Governance
  2. Data Privacy Policy
  3. Processes and Procedures
  4. Third Party Management
  5. Information Security
  6. Incident Management
  7. Communication
  8. Education

Your Critical Friend will spend an hour with you every quarter to review your compliance, share updates on GDPR and alert you to any critical news from the world of Information Security.

You can have up to one hour of telephone support per month.


We’ll quickly match you with another Critical Friend. They’ll have access to your notes, so they’ll be able to give you the advice you need.

Absolutely anything and everything to do with GDPR. We’re self-confessed GDPR geeks so we love to help. Here are some examples of things you can ask your Critical Friend to do:

  • Answer any GDPR questions
  • Help you respond to data-related enquiries or complaints from stakeholders and customers
  • Follow up actions from quarterly meetings
  • Help you complete Subject Access Requests (SARs) on time
  • Answer queries about policies and offer suggestions for improvements
  • Help you complete supplier questionnaires
  • Suggest changes to contracts