DPAS can provide GDPR Subject Matter Experts (SME) a GDPR Business Analyst and/or a GDPR Project Manager to come and work onsite in your organisation to deliver your GDPR compliance project.

From £495 + vat 


DPAS can provide GDPR Subject Matter Experts (SME) a GDPR Business Analyst and/or a GDPR Project Manager to come and work onsite in your organisation to deliver your GDPR compliance project.


These services follow naturally on from our Audit and Assurance Gap Analysis and Record of Processing Activity services. Our remediation packages allow your organisation to remediate any areas of non-compliance and reduce the associate risk. This means that you should be able to demonstrate accountability to GDPR and run your organisation at an acceptably low level of risk in relation to data privacy challenges.


Every organisation’s remediation package will be different and based upon its needs, priorities, and information governance maturity levels.


We often suggest a governance model which enables clearer areas of responsibility, accountability and engagement across all levels of the business.


Using this model, we can provide a full suite of policies, plans and templates, including (but not limited to):

  • Internal and External privacy notices;

    • This means that you can meet your transparency obligations under Articles 5, 12, 13, and 14 of GDPR. Typically, we encourage organisations (size dependant) to have between 2 and 3 privacy notices. These are for external users (i.e. customers, clients, service users), internal users (i.e. staff, contractors, temps etc.) and job applicants.

  • Data Incident and Breach Management Policies and Procedures

    • This means that any breaches or potential incidents involving personal data is escalated quickly, efficiently and with the right information. From there the right people can action the policy so as to meet the statutory reporting timeframes, stop the breach, and address it so as to minimise potential harm to data subjects.

  • Marketing and Electronic Communication Policy

    • In a world where people are bombarded by electronic messaging (from digital marketing to emails in the office) there are a number of regulatory requirements. These requirements can in places be contradictory and outdated due to technological developments. DPAS will work with you to make sure you have a policy which means you only market where it is lawful to do so, and with the correct permissions in place.

  • Subject Access Requests and Individual Rights letters, templates, guidance and policy

    • GDPR introduces tighter timeframes and stringent validation criteria when responding to Subject Access Requests or other requests such as Erasure or Portability. It can be time consuming and confusing, with a number of exceptions being available. This policy when implemented successfully addresses these concerns.

  • Data Protection Impact Assessment Policy and Template

    • These are statutorily required to be undertaken where processing is likely to result in a high risk to individuals (and other areas). This is a simple solution to an important area of DP compliance.

  • Retention Policy and Schedules

    • In an era of business where organisations are constantly bombarded by data, it is important to have clear retention policies and schedules so that you do not keep data longer than necessary. This policy helps to provide structure and encourages a way of thinking whereby data is not just seen as an asset, but also as a liability.


  • It is possible to ‘pick and mix’ our remediation packages, based on where there are gaps in compliance.

  • Our policies are constantly being updated and revised based on the latest guidance and regulatory changes.

  • Our packages are tried and tested in a number of organisations and are proven to be successful.

  • We have a range of template policies which we can tailor to your organisation, ensuring that we keep consultancy time to a minimum

  • Our suite of policies use clear and concise language so as to be understandable and easily followed by all staff.  


Contact us and find out how our Data Protection services can benefit your company.Before filling in the form please ensure you have read and understood our privacy notice.


10 Oaktree Place, Marsh Barton, Exeter,

Devon EX2 8WA

01392 914019

  • Black LinkedIn Icon
  • Black Facebook Icon
  • Black Twitter Icon

©2019 Data Privacy Advisory Service Ltd. ALL RIGHTS RESERVED


01392 914019

0203 3013384

 Privacy Notice

Please note all information on this website is for your help and guidance. It should not be regarded as an authoritative

or definitive statement of the law.