The General Data Protection Regulation cames into force in the UK on May 25, 2018. All businesses (inside and outside of the EU) will be required to comply.
Click here to download our Executive Overview for information on how the new regulation will affect your business.
How we help?


By now, all Business owners and managers should be aware of the impending GDPR, however many businesses are still unprepared for the new regulation. Whilst the new regulations are complex and difficult to interpret, with the correct approach and advice GDPR can be implemented and maintained effectively.


PECOMi Consulting's approach to GDPR provides many benefits, including:


  • Reducing your organisation's administrative burden

  • Simplifying each step to encourage employee buy-in

  • Improving upon manual business processes, utilising automation where possible

  • Integrating into existing processes to minimize impact on staff

  • Ensuring new business processes are implemented with privacy by design

  • Promoting Senior Management buy-in


The following services can be packaged as a single solution, or utilised individually to meet the requirements of your organisation.

GDPR gap analysis


An initial GDPR gap analysis via an on-site review, to determine your current status and to provide a plan to tackle the areas that require attention. 


Our GDPR gap analysis will include:


  • Understanding the scope of your Personal Information Management System (PIMS)

  • A review of your current policies and procedures

  • Interviews with your management team to understand current business processes involving personal data


A detailed report will be provided outlining the maturity of your PIMS, a breakdown of recommendations and a summary of further actions to be undertaken.

PIMS guidance and implementation

With GDPR applying to all organisations regardless of size, allocating suitable resources to ensure compliance is proving a major difficulty. Once a gap analysis has been conducted, our consultants will undertake the following activities according to a pre-agreed implementation plan:


  • A full data audit

  • Data mapping and process flows

  • Risk assessment

  • Data security audit

  • Implementation of Data Protection and related Information Security controls

  • Tailored documentation, including privacy and PIMS/Data Protection policies

  • Staff training and competency review

  • Privacy Impact Assessment (PIA)

  • Data Breach procedures

  • A review of third-party security


All activities will be undertaken in-line with British Standard 10012:2017. In addition, PECOMi Consulting will guide your organisation through the certification process for those businesses that request it.

Virtual Data Protection Officer (VDPO) and Virtual Privacy Adviser

For some organisations the appointment of a Data Protection Officer will now be a legal requirement for those processing special categories of Personal Identifiable Information (PII). Historically, this role has been merged with that of the IT Director, CIO, or MD, however, from May 25th businesses must ensure that the holder of the DPO post has sufficient expertise in Data Privacy and duties that are sufficiently segregated from operational roles that include access to PII.


For many organisations that deal with the special categories of personal data, the GDPR will mean you are now mandated to have a Data Protection Officer. For those that require this, PECOMi Consulting offer an outsourced option.


For organisations that are not mandated but deal with large volumes of Personal Information, PECOMi Consulting provide a Virtual Privacy Officer service to help maintain your responsibilities within the GDPR.


Each of these service offerings comprise of:


  • Ensuring staff compliance with GDPR best practices

  • Maintaining your PIMS

  • Conducting internal audits

  • Provide Data Privacy training to staff

  • Becoming your single GDPR point-of-contact, including liaising with the ICO when required

  • Being on-call to help with any Data Privacy queries you may have


AI Data Discovery


Data volumes in organisations are increasing exponentially - doubling every 18 months. Companies have incomplete knowledge of their unstructured data content, including emails, file shares, SharePoint and other storage repositories.


PECOMi Consulting utilise a number of cutting-edge tools to analyse and organise this unstructured data, providing valuable insight into asset information as part of your GDPR compliance project.


  • The tools are designed to incorporate advanced AI and Data Management capabilities, making it simple to analyse multiple data sources

  • Gain insights into risk exposure, isolate Personal Identifiable Information (PII) and produce risk reports

  • Designed to make sense of your unstructured data, helping you to stay compliant and discover new ways to use your data

Data Privacy Impact Assessment (DPIA)


PECOMi Consulting offer multiple methods of ensuring DPIA's are conducted efficiently. DPIA's must be conducted at the start of any project that may involve the use of Personal Identifiable Information (PII). Our range of DPIA services include:


  • Guidance through the process of completing a DPIA with each of your key staff

  • Ensuring the fundamental GDPR principles are adhered to

  • Conducting a risk assessment for each process with recommendations

  • Generating reports with a full audit trail of decisions


As part of our services we will be on call to advise on matters concerning data privacy.

Subject Access Requests (SAR)


Individuals who want to see a copy of the information an organisation holds about them are entitled to make a Subject Access Request. There is a strict time limit of one month from submission for this information to be provided, and it must be completed free of charge.


The GDPR brings with it a raft of new rights for Data Subjects, not only the Right of Access but also the Right of Erasure and the Right of Data Portability. Each of these consist of their own challenges.


These processes must be as automated and as streamlined as possible to prevent undue administrative overhead. PECOMi Consulting have a number of approaches that can be tailored for your business, including partnered solutions to automate and ensure the security of any request in transit.


Staff Training and Awareness


Staff training and awareness is a crucial element of GDPR compliance. PECOMi Consulting have a number of options for training your staff in Data Privacy, including:


  • Bespoke training manuals, targeted based on each of your departments' responsibilities

  • Classroom training

  • Interactive presentations


 All training is tracked to ensure you meet your GDPR staff awareness requirements.