GDPR
From a defensible processing register to a 72-hour breach response that holds up under pressure.
GDPR has been in force since 2018, so a buyer asking for help in 2026 usually has a trigger: a Datatilsynet enquiry, a breach, a deal under due diligence, or a DPO vacancy. I run the programme work that gives your DPO, your legal team, and your board a defensible position. Tell me which trigger brought you here and I will skip straight to what matters.
What we deliver
-
Article 30 records of processingA current register of processing activities, ready for the supervisory authority.
- Data Protection Impact Assessment (DPIA) framework
When a data protection impact assessment is required, how it runs, and what evidence it produces.
- Data Transfer Impact Assessment (DTIA)
Transfer assessments under Schrems II and Article 46, with the contract clauses and supplementary measures the data exporter needs.
- Subject rights workflow
Articles 12 to 22 operationalised, from access request to erasure, with deadlines and clear ownership.
- DPO role
Fractional or external data protection officer, contracted with a defined mandate and reporting line.
- Breach response and notification
72-hour notification readiness for Datatilsynet, with role list, decision tree, and pre-filled templates.
How we deliver this service
- In a project
A GDPR readiness review or a DTIA with defined scope and duration.
- In a role at the customer
A fractional DPO seat inside your organisation, contracted over months or years.
- As part of a service
Included in the Secured by FM CyberSecurity bundle for small and mid-sized organisations.
Recent insights on GDPR
- What the EU Cyber Resilience Act is, and who it covers
The CRA is an EU law that ties cybersecurity rules to CE marking, so a product with digital elements cannot enter the EU market without it.
- What ISO 27001 Lead Implementer certification means for your project
An ISO 27001 Lead Implementer builds your ISMS; a Lead Auditor checks it. Hire the wrong role and your certification project stalls.
- From compliance burden to competitive advantage
How leadership teams move from compliance uncertainty to documented control, evidence that holds up under investor, customer, or regulatory due diligence.