Personal Data Risk Management

Affordable compliance with GDPR, without the pain - Concentrate on what you do best!

Learn More

Should you care about GDPR?

The risks are huge, and complying is a costly headache!.

Always someone to blame

Or at least that is what the Law says! Make no mistake, the rather more relaxed attitude to data protection of yesteryear is long gone.

The fines are huge, and you can't pass the buck. If you work with personal data in any way, you will almost certainly have some liability for any fault, and the fines are huge!

Guilty unless you can prove not

It is no longer the responsibility of the regulator to show you are at fault. The presumption is you are guilty, now you have to prove you aren't!

Even if you are trying to respect personal data, and to keep it safe, are your systems up to being able to prove that to a Judge?

Damages too

The new Law will allow data subjects to claim damages. Nothing new there then, except they can now be non-material damages too!

So, making the data subject sad could cost you dear! Don't forget you have to PROVE you didn't do it! The legal teams are gearing up to look for these opportunities.

... oh, and Class Actions

The thing that is really getting the lawyers going is the idea of a class action. Many, many people all awarded a small amount all adds up to massive fees.

When you consider your exposure, you should factor in fines of up to €20 Million or more, plus damages, wrapped up in a class action. This could pose an existential threat to many organisations!

ICO Monetary Penalties So Far

The UK regulator, the ICO has gradually grown the number of actions taken, from 2 in 2009 to 21 in 2015.

In 2016 there were 88 enforcement notices, and in the first half of 2017, there have been 45.



The average penalty has been relatively static at just over £100,000, until 2017. The average value has fallen to under £60,000.

The ICO is more inclined to tackle smaller organisations than ever before, including individuals!


... and ICO fines can be at least 40 times larger under GDPR!

FREE initial consultation!

Call now on 0800 2800 679


Personal Data Risk Management - The Benefits

You're covered

If, despite following the advice, damages or other awards are found against you - we will help protect your organisation from the financial impacts.

Peace of mind

Dept679 will help you put appropriate protection in place so you can be confident you are protected.

No distractions

Personal data probably isn't your business! It's a distraction from the core activities you need to perform. Dept679 takes away the distraction so you can concentrate on what you do best.

Personal Data Risk Management - The Features, Unpacked


Our consultants will need to talk about personal data relating to Clients and Prospects, HR, Warranties, Complaints, Investors – indeed, anywhere personal data is used. The processes and procedures will be explored, and understood so “gaps” in compliance can be discovered.


The follow-up report will provide concrete advice about changes to reduce the likelihood of a compliance problem, and to minimise the impact on both the data subjects, and the organisation. The advice will provide new or improved clauses to include in your policies and procedures. We will not simply tell you to ask your solicitor to create one.


For staff who handle personal data, or might interact with clients or members of the public – the processes are likely to change to embrace the new rules and it’s important they have an appreciation of the changes, and also understand why the processes are so important.


You will have ongoing access to on-line training material for new staff that explains the importance of data protection, and provides a certificate to demonstrate they have been trained, understand the issues, and have passed a test.


FREE access to our experts for telephone advice if you have new projects or ideas and you want to check your Data Protection thinking.


Our monthly newsletter will help you stay on top of data protection issues as case-law evolves. Wherever the case-law has a specific relevance to the way you handle data, we will provide new guidance incorporating the new wisdom.

Cyber Security

Advice to help you achieve the nationally recognised Cyber Essentials PLUS certification, which lowers your risk, and importantly demonstrates you have taken steps to lower the risk.

Fact: Most ICO fines up to 2016 are for failures in security.


An annual review to check that everything is working for you, and you have not drifted away from good GDPR practice.

Dept679 will check your policies and procedures are in line with the law as it has developed over the last year, and offer up-to-date advice about how to address any challenges discovered.


Using the knowledge gained during the survey, we will provide you with the Register of Data Processing, which is required by GDPR as well as evidence of your Training and Induction processes, Policies and contract terms. All designed to be able to demonstrate at “Evidence Quality” what you do, and why you do it, and importantly that Data Protection is treated as a serious issue.

Breach Detection

Our Breach Detection service enables you to know if & when your data has escaped into the wild, whether that is because you have been hacked or because a rogue member of staff has stolen it. The detection provides “Evidence Quality” proof of where the data came from to support you in taking legal action if needed.

Breach Notification

If there is a data breach, you may be obliged to inform the Information Commissioners Office, and possibly all the data subjects involved. If you become aware of a breach, contact an expert immediately to assess the appropriate course of action.

Don't delay, call us today!

FREE initial consultation - understand how Dept679 will help you.

Call now on 0800 2800 679

or e-mail