Data Security & GDPR.
Who it's for
Charities handling sensitive beneficiary data — safeguarding cases, health, immigration status, minors — with no in-house DPO.
The problem we solve
You're one subject access request away from a real problem. Trustees are asking about ISO 27001 and Cyber Essentials, and Google isn't a policy pack.
What you get
- DPIA and record of processing activities (ROPA)
- Privacy notice, retention schedule and breach playbook
- Access controls and MFA rollout plan
- 90-minute staff training (recorded)
- Cyber Essentials readiness review
- Trustee board briefing document
How it works
1. Assess: Half-day discovery covering data flows, systems, third parties and current controls.
2. Author: Policies drafted against ISO 27001 controls — plain English, not lawyer-speak.
3. Enable: We train your team, brief your board, and leave you audit-ready.
Everything trustees usually ask.
Do you provide ongoing DPO cover?
Yes — a fractional DPO retainer is available from £250/month.
Are you a lawyer?
No, we're not a law firm — we build the operational side of GDPR. For legal opinions we partner with charity-sector counsel.
Cyber Essentials certification?
We prepare you for it and refer to an accredited certifying body.
What if we already have policies?
Great — we review, harmonise, and fill the gaps rather than starting over.
