Book FREE Consultation

URM is pleased to provide a FREE 30 minute consultation on GDPR for any UK-based organisation. Once an enquiry form has been submitted, we will be in touch to understand the nature of your enquiry and to book a mutually convenient time for a 30-minute consultation slot with one of URM’s specialists.

GDPR Consultancy and Training Specialists

Pragmatic and tailored approach to GDPR compliance

FREE GDPR Compliance Review

High-level review of your GDPR compliance position.

Offer is valid until

29/8/2024

Find out more

GDPR Consultancy Services

If you’re looking for support in achieving compliance with the General Data Protection Regulation (GDPR) and other data protection-related legislation, and then maintaining it, URM’s GDPR consultants can provide you with a range of services as follows:

Virtual DPO Service

Enables you to access not just one, but a team of experienced and qualified data protection practitioners, each with their area of specialism, e.g., dealing with the regulator, i.e., the Information Commissioner’s Office (ICO), advising on challenging subject access requests (SARs), conducting data protection impact assessments (DPIAs), developing records of processing activities (ROPAs), managing personal data breaches, improving information security, developing awareness presentations, and transferring data to third countries using standard contract clauses (SCCs).

With our service, you can gain expert practical advice, guidance and support, as and when needed.  You can also ensure there is no ‘conflict of interest’ between the DPO and other business activities i.e., the DPO should not be a company director or HR representative.  You can also be confident of complying with the latest regulatory and legal developments, as URM’s Team closely monitors any clarifications/interpretations on the GDPR/DPA from sources such as the ICO.

  • Totally flexible arrangement with site (in person or remote) days delivered at a frequency set by you
  • Ad hoc guidance and advice on all aspects of data protection
  • Urgent response services for those time critical matters and issues
  • Annual GDPR auditing to provide assurance to key stakeholders.

For more detailed information on the contents of URM's Virtual DPO Service please refer to our data sheet.

Virtual DPO Service Data Sheet

Conducting a Gap Analysis

One of URM’s most popular services, is its 2 or 3-day high-level GDPR gap analysis which will assist you understand your current levels of GDPR compliance, identify gaps and vulnerabilities, and enable you to establish and implement a prioritised action plan.  The gap analysis can be conducted remotely or on site and typically involves interviews with pre-agreed personnel and a high-level documentation review.  URM will be looking to understand how you process personal data in each area of your business, the measures you have in place and also understand the relationship with third parties and contractual data protection requirements.  A RAG status diagram is often used to illustrate at a high level your GDPR compliance, and you will receive clear guidance on which gaps to prioritise in terms of remediation activity.

Remediation Support

Having completed a gap analysis on your organisation’s levels of GDPR compliance, URM can provide pragmatic and tailored support in addressing these gaps.  It may be in helping you develop an overarching data protection policy or in one or more of the supporting policies or processes surrounding data retention, data subject rights, third party (data processor) supplier management, and data breach management.  Or it may be helping you develop or refine your data retention schedules, privacy notices or your record of processing activities(ROPA).  Whatever your requirement, URM can help with all areas of your remediation plan.

Data Protection Impact Assessments (DPIAs)

A data protection impact assessment (DPIA) is a process to help you identify and minimise risks associated with processing personal data.  For many years, conducting DPIAs has long been considered a best practice activity, but has taken on greater significance with the GDPR where they are mandatory for any processing that is likely to result in a high risk to individuals.  Conducting DPIAs will also reduce the probability of data loss or breaching data subject rights and freedoms.  An effective DPIA can also bring broader compliance, financial and reputational benefits, helping you demonstrate accountability and building trust and engagement with individuals and should become standard practice in every organisation.  URM’s DP consultants are able to advise you on where you should be conducting DPIAs but, more importantly, how to conduct them and what the outputs should be, e.g., identifying and assessing risks to individuals taking into account both likelihood and severity of any risk, as well as identifying any additional measures to mitigate those risks.  URM’s team can also provide a review service to ensure you take the right actions.

Producing records of processing activities (ROPAs)

As seen with the mandatory requirement to conduct DPIAs, the GDPR is a heavily risk-based law.  However, many organisations are missing one of the best tools for identifying data risk in their processing, i.e., a record of processing activities (or ROPA), despite, currently, it being a statutory requirement for most organisations under Article 30.  In URM’s opinion a ROPA should be front and centre of any controller’s DP compliance effort.  URM has helped a number of organisations develop their ROPAs and once developed can help you identify not just the risky processing, but also the mitigating steps that can be taken to control those risks.  It’s worth remembering that the ROPA will be one of the first compliance documents requested by the regulator in the event of a data breach.

Data Subject Access Request (DSAR) Redaction Service

One of the areas which organisations often struggle with when dealing with DSAR redaction is understanding what legal exemptions are available and, more importantly, can be applied. Find out more about GDPR DSAR services provided by URM.

See Client Feedback on URM DSAR Service

Training and Awareness

URM is very experienced at developing training and awareness material to cover personal data protection requirements and policy compliance for the whole organisation and can offer online training and assessment via URM’s portal (Alurna).  For more in-depth requirements, URM can provide the BCS Foundation Certificate in Data Protection training course which is aimed at providing your organisation’s DP specialists with a sound grounding and practical interpretation of the key elements of UK data protection law, including the UK GDPR and the UK Data Protection Act 2018.  URM also offers a tailored training service for specific activities, such as developing ROPAs and DPIA processes.

Get in touch

Please note, we can only process business email addresses.

Why URM?

Track record

URM’s DP and GDPR consultants have extensive ‘real world’ experience as both practitioners and subject matter experts working at a senior level within business and in their data protection consulting roles advising organisations on best practice.  With a 17-year track record assisting organisations to comply with legislation such as the Data Protection Act, the GDPR and local country-specific legislation, URM has earned a reputation for adopting a pragmatic and business appropriate approach.

Flexible service offerings

A key differentiator between URM and other data protection service providers is our flexible service offerings.  Our virtual DPO service can be customised to your precise requirements, in terms of the type of support you require and the frequency of site days (remote or on site) etc. Equally, with our remediation support, URM can assist you address any gaps identified and achieve full GDPR compliance. We can also help you maintain that compliance with GDPR auditing services.

Knowledge transfer

URM prides itself on its knowledge transfer philosophy and training expertise which helps to ensure that you not only understand what the principles and requirements of the GDPR are but how to best meet them.

Information Security FAQ

Updated Data Protection Laws Introduced by Chile and India

Published on
22/11/2024

URM’s blog explores the different requirements introduced by these new laws, and the likelihood of a subsequent UK/EU adequacy decision for each nation.

Read more
Thumbnail of the Blog Illustration
Data Protection
Published on
31/10/2024
DUA Bill: An Initial Assessment

URM’s blog compares the Government’s new Data (Use and Access) Bill with the previous Government’s DPDI Bill, & how it may alter the UK GDPR when it is passed.

Read more
Thumbnail of the Blog Illustration
Data Protection
Published on
27/9/2024
Data Protection Considerations for Monitoring Employees

URM’s blog offers key advice and detailed guidance on how to balance your organisation’s needs with GDPR compliance as you perform workplace monitoring.

Read more
Thumbnail of the Blog Illustration
Data Protection
Published on
13/9/2024
How to Conduct a Legitimate Interest Assessment (LIA)

URM’s blog discusses the importance of LIAs for maintaining compliance with the GDPR, as well as providing a step-by-step breakdown of how to conduct one.

Read more
"
We used URM as we had a large amount of information to redact for a Court of Protection case and neither had the time nor the knowledge to be able to complete this appropriately. URM were suggested to us and we made contact. They responded very quickly and were able to explain their role, estimated timescales & costings. During the initial consultation, they were very professional and approachable, and certainly had the skills we required. URM’s consultant provided us with details of the work they had completed before & we felt confident to pursue the work with them. We were on a tight deadline for court and URM were confident that they could provide the services we required in a timely manner. The logistics of sending a large amount of confidential documents were easy to navigate and straightforward. We were unable to very accurately gauge how much work was required, however URM’s Team supported us with this and maintained regular contact regarding their progress and addressed any concerns they had. When we needed to contact them, they were prompt with their responses. The work did take longer that envisaged, however that was due to the amount of work that we, as clients, were unable to accurately identify would be required. We did, however, meet the deadline for court. I would certainly use the services of URM again & if possible would work with same team. The services are not cheap, however redacting sensitive information is a skilled task and, therefore, having a professional complete this work is priceless.
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.