Consulting engagement

GDPR Compliance Audit

A structured review of your organisation's data processing activities, policies, and controls against UK GDPR requirements.

Deliverables

What you receive

Data processing inventory (what data, why, where, how long)
Gap analysis against UK GDPR Articles 5-49
Risk-rated findings with remediation recommendations
Template policies where gaps are found (privacy notice, retention schedule, breach procedure)
Executive summary for leadership

Engagement

Three scopes to choose from.

Starter

Single product/service, < 10 processing activities

Timeline · 2 weeks

Enquire

Standard

Full organisation, 10-30 processing activities

Timeline · 3 weeks

Enquire

Comprehensive

Complex org, multiple jurisdictions, 30+ activities

Timeline · 4+ weeks

Enquire

Ideal client

Who this is for

UK startup or SME that has never had a formal GDPR audit, or one preparing for a funding round, partnership, or enterprise sales.

FAQ

Frequently asked

DPIA

A structured risk assessment for data processing activities that are likely to result in high risk to individuals, as required by UK GDPR Article 35.

Learn more

Advisory Retainer

Ongoing access to privacy and compliance expertise on a retained basis. Includes a set number of hours per month for ad-hoc questions, reviews, and guidance.

Learn more

Ready to get started?

Tell us about your organisation and we will scope the right engagement for you.

Start a conversation

GDPR Compliance Audit

What you receive

Three scopes to choose from.

Starter

Standard

Comprehensive

Who this is for

Frequently asked

Do I need a GDPR audit if I only operate in the UK?

What happens after the audit?

How is this different from a legal review?

Related services

DPIA

Advisory Retainer

Ready to get started?