Data Privacy & GDPR

Are you ready for the most significant data regulation upheaval in 20 years?

The EU General Data Protection Regulation will greatly enhance citizens’ data rights and cement the need for businesses to employ robust information security and data privacy policies and processes. The clock is ticking – are you up to the challenge?

Data and information lie at the very core of every business, and keeping informational assets protected is essential. Data breaches cause irreparable damage to a company’s reputation – the Ponemon Institute reports the average cost of a breach is £2.4M.

Customers want to know they can trust your organisation to keep their private information safe, and you want to avoid the high costs and pain of a data breach. 

The EU General Data Protection Regulation (EU GDPR) is soon to come into effect, strengthening and unifying the laws governing data protection and use. 

Businesses must be ready. A reputation takes years to build but can be damaged or demolished in just moments.

EU GDPR: Key Facts

  • Penalties for failure to comply are severe: up to 4% of gross global turnover or €20M
  • The EU GDPR concerns any EU citizen’s data, processed anywhere in the world
  • Customer data can only be processed with express consent
  • Consent must be positively given and unambiguous – “opt in” only
  • Consent can be withdrawn and requests for data erasure made
  • Consent, along with data, must now have an expiry date
  • Employees are also considered an organisation’s “customers”
  • Security breaches must be reported to statutory bodies within 72 hours

How We Help You

Our Data Privacy solution offers:

  • Evaluation of your end-to-end data journey, related control frameworks and overall data security risk
  • Traceable real-time discovery and inspection of information stored on desktops, laptops, corporate networks, cloud shares and BYOD
  • Rigorous classification of information, with tracing and tracking to enforce relevant policy-based actions
  • Identification and control of sensitive data transferred via email, systems or web as part of the scanning process
  • Appropriate visibility, user education and controls relevant to your business, assuring full Data Protection Act and EU GDPR compliance

The Benefits to You

  • Avoid punitive sanctions and fines
  • Improve credibility and brand loyalty
  • Gain overall peace of mind
  • Simplify and improve processes
  • Improve your marketing

Our Rigorous Methodology for Data Privacy

Our solution is a seven-step cycle ensuring that every aspect of data privacy and information security is covered.

  • We perform a "health-check" to articulate the scope of the challenge and validate intention
  • Agree decision making authorities aligned to Legal and Privacy Office counsel


  • A review of your end-to-end Data Privacy journey
  • Prioritise the phasing of challenge resolutions and validate with key stakeholders


  • Scope/design recommended solutions, applying best practices and shared learnings
  • Develop and validate a detailed implementation plan including governance frameworks
  • Create bespoke in-built technology and business policy assurance


  • Identify, test and implement authenticated solutions
  • On-going review of reality to ensure alignment
  • Visibility through a fit-for-purpose controls framework


  • Initiate specific technology tools
  • Data classification and management
  • Tracing and tracking to enforce actions


  • Appropriate awareness programmes
  • Develop relevant and specific training
  • Establish focal point network


  • Bi-annual check-up
  • Integrated change and controls
  • Automated Data Privacy policing

A Case in Point: Trade Control Compliance Regulatory Review

We helped our client perform a review of Trade Control Compliance of the B2C aspects of a Retail business to understand its current state and compare it to their B2B area, which was acknowledged as a best practice leader. The Management team were seeking reassurance on the level of compliance and the effectiveness of controls. We examined the Trade Controls Manual and Guidelines, and matched these to the Retail activities.

A target model of roles, activities and controls was identified and agreed with the legal and regulatory teams. Then we began our investigations to review these areas and identify what was in place and how well the controls were performing.

We led workshops with key stakeholders to verify our findings and to draw conclusions and recommendations based on residual risk.

We produced the report for the Leadership Team; the client accepted the recommendations and implemented them straight away. Knowledge transfer from our expert has put the division in a position to carry out this type of control and monitoring independently in the future, to a level of clarity and precision not previously seen.

Chaucer has been trusted in reviewing the Trade Control compliance aspects of the Retail business, providing reassurance to the Management team as to the level of compliance and the effectiveness of the associated controls. Chaucer demonstrated flexibility and adapted to our plans – they provided a very valuable service by performing this review within a challenging timescale.

Attend our next Data Privacy Webinar

Take your first step to a more secure and fully compliant data policy by registering your interest in attending our next free Data Privacy Webinar.

Further details will be announced soon.