How we can help you

Whether you see privacy as a differentiator, or just something which you need to "do right", we can help.

In a world of increasingly complex privacy law, you want someone who knows the legal frameworks inside out and has years of operational experience.

Neil spent several years as head of privacy for the UK operating company of a global communications provider, helping to design cutting edge products and services, as well as being responsible for the privacy rights of almost 20 million communications customers.

Since then, he has helped companies and in-house privacy teams protect the privacy rights of their customers, and meet their legal obligations, across the full spectrum of data protection issues. This has included substantial GDPR implementation activity, helping bring companies up to speed with the new(ish) framework, as well as day-to-day advice and guidance, and operational issues such as handling questions from customers and complaints from the UK's privacy regulator.

What our clients say

Head of Legal, major energy company

Chief Privacy Officer, FTSE 100 brand

⚠️ Warning: here be dragons!

The GDPR — Europe's new(ish) data protection framework — has done some great things for privacy, but has also had some less great side-effects.

One of these is the massive increase in the number of people claiming to be privacy or GDPR "experts". Some even claim to be "certified" despite there being no formal certification regime.

Before you select an advisor on GDPR or privacy issues, check whether they really have the experience you need — after all, the cost of getting it wrong could be significant, and the impact on your customers, and your reputation, massive.

New products and services

Products, services, apps, wearables — whatever!

You have probably heard of the terms "privacy by design" and "privacy impact assessments".

We can help you design services in a way which meets your commercial objectives without alienating customers or triggering undue regulatory concern, including giving you clear, pragmatic advice on challenging topics, such as data analytics.


From getting your business registered with the Information Commissioner's Office to establishing a solid policy framework, and from embedding good practices across your organisation to helping you meet your regulatory obligations, such as dealing with subject access requests, we can support and guide you.

Incident handling

Nobody wants to have a privacy-related incident, but worse is having an incident without a plan for how to deal with it. We can help you make that plan, so that an incident is not a panic. Or, if you've had an issue, we can help you get back on your feet again.

Some breaches are the subject of mandatory reporting obligations — often to the regulator, and sometimes to affected users — so it is worth having a plan in place so that, if an incident happens, you know what to do and how.

Some communications services may be subject to even more rigorous reporting obligations, requiring notification to the regulator within 24 hours of detection.


We have experience in both leading and supporting on ICO audits. We can help you engage with the ICO and determine audit scope and structure, review existing materials and prepare supporting evidence, help arrange pre-audit documentation packs, and provide on-site support during the audit itself.

We have helped reassure nervous or concerned interviwees, and provided dedicated coaching and support on answering questions and presenting their evidence confidently and succinctly.

We can also help with post-audit representations, if things have not gone quite to plan, or if you feel that the audit findings are not representative of the true position of your organistion.

Contractual issues

If you are going to be engaging someone to process your customers' precious data on your behalf, you'll need to ensure that you have an appropriate data processing agreement, as part of your security strategy.

We have helped prepare suites of documents for clients, to suit different situations, along with accompanying negotiation and liability guidance, to help procurement teams lead on the implementation on data processing agreements with a minimum of legal team support. We have also negotiated tens of agreements with processors around the globe, and we can steer you on issues which are likely to prove a sticking point or cause concern.

If you are processing on behalf of another data controller, you'll want to make sure that you have a clear view of your obligations, risks and liabilities. Getting expert legal advice early in the process can help reach an agreement which works for both parties.

Operational issues

There is a plethora of operational issues associated with processing personal data, including handling subject access requests, managing regulatory correspondence and dealing with requests from customers, third parties, law enforcement and courts.

Many of these obligations can be made easier and less disruptive by thinking them through in advance, rather than waiting for them to arise — we can put you on the right path.

Get in touch
Ideally, please contact us via email:
If you would like to call us, please email and arrange a time first:
You can also find us on social media: