Question? Call Us +44 330 122 8239

Information Governance Support

Expertise when you need it

We’ve taken a bit of a liberty with the image here, but we’d really love you to think of us as superheroes helping to protect your organisation and its people.

If you have people balancing data protection or other information governance responsibilities with the demands of their normal role one side or the other tends to slip.

We offer ways to build the Information Governance structure you need without sacrificing quality or focus on your core business activities and strategy.

Managed Services

Outsourced Information Governance Expertise

  • Data Protection Officer

    Our Data Protection Officer service appoints a named individual with internationally recognised data protection qualifications and senior management experience to act as your DPO. Easy to contact and responsive, access is given to all members of your staff, customers and business partners as needed.

  • Data Protection Support

    The life of the person responsible for data protection in your organisation can be a lonely one. Sometimes they need skilled resource to take on some of the load, help develop new policies and processes or even to act as a 'critical friend' to help ensure they have considered an issue fully.

  • Data Breach Response

    We will help you identify risks and formulate a response plan before an incident happens - giving you the reassurance that, should the worst happen, you will be able to respond and have ready access to Data Protection expertise rather than having to find it in the middle of a crisis.

  • Data Subject Rights

    Our Data Subject Rights managed service adds the skills you need to an internal team to meet requests in a timely and compliant manner, reducing your staff's time away from their usual duties while ensuring your relationship with individuals and the ICO are protected.

Tailored to your organisation

The support you need

We’re serious when we say we offer solutions not problems. No shoehorning you into a rigid service model. No paying for features you don’t need just so you get the ones you do.

When you need it

We make sure we understand you and your organisation. Our on boarding process ensures we are ready to leap into action the minute you have something you need us to take care of. Quick, efficient and in support of your business, you can leave us to get it done.

You're never on your own

Our services are flexible, allowing you to choose just how involved we are in your Information Governance. You can engage us to handle the whole function from start to finish or opt to involve us only in the most complicated scenarios. We can provide an entirely outsourced service or help you build, staff and train an internal team. Whatever you decide, we are never more than a phone call away if you need some assistance.

When you might need us

The best way for your Data Protection Officer to be able to protect your organisation is for them to be able to demonstrate their independence. Putting aside this is a requirement in law, it also increases the confidence your staff, customers and business partners have in your appointment of a DPO.

Fundamentally, you must be able to demonstrate that there is no conflict of interest between their tasks as DPO and any other role they may fulfil. A number of roles such as those with a senior management position, heads of IT or HR and even some legal advisers have been identified in regulatory guidance as having a potential conflict of interest.

Your DPO should be able to commit the time neccesary to perform their tasks as required by legislation. This may not always be possible for an internal appointee who has other responsibilities – even when they do not conflict with those of the DPO. Most importantly, your DPO needs to be accessible to your staff, customers and the ICO in an easy and timely manner.

On the face of it, honouring a Data Subject request should be fairly straightforward. The reality however is often different.

Your team dealing with requests need to have sufficient knowledge of your obligations and the time to assess and respond to each request in the timescales allowed.

For example, they need to be able to balance the right of someone to see the information you hold about them with the rights of others whose information may be linked to them.

Redaction of records provided to an individual needs to be carefully done, including ensuring the redaction cannot be undone and includes stripping a file of meta data etc where necessary.

The team dealing with your Data Subject requests needs to be knowledgeable and have the skills to be able to  communicate why your organisation may not be able to provide the result the customer asks for e.g. being able to explain why a deletion request can only be fulfilled in part and how your company plans to protect the data which cannot be deleted.

Remember that a complaint to the ICO is a potential outcome and your response team needs to be sufficiently proficient to spot and mitigate any issues in advance.

Once a Personal Data Breach has been identified you need to be able to carry out an assessment of the risks to the individuals affected. This assessment needs to consider a number of areas including the way the breach occurred, the data involved and the potential impact on the people affected. It must be conducted in timely manner in order to decide whether a formal report needs to be made to the ICO.

Our main role in your breach response is to carry out an assessment of the risks to the individuals affected by a personal data breach. We have developed a proprietary risk scoring methodology based on commonly accepted principles. This is then used to inform a recommendation as to whether the breach needs to be reported to the ICO and the affected individuals.

We ensure that all incidents involving personal data receive appropriate treatment and review – crucially including those which may fall outside your IT security policy’s definition of an incident. We help you maintain your logs of personal data incidents, reviewing them on a regular basis and helping to ensure necessary changes are embedded into your policies and processes.

Even if you are fully aware of all your responsibilities and have an internal DPO with the requisite knowledge, there will be times when the resource available does not match the demands of your privacy programme. Sometimes they need skilled resource to take on some of the load or even to act as a ‘critical friend’ to help ensure they have considered an issue fully.

If you’re not required to appoint a DPO and choose not to make a voluntary appointment, you will still have to monitor your compliance with your privacy obligations and be able to keep up with changing legislation and guidance from the ICO. Your teams and management will have data protection related issues and queries.

e.g. The overarching aim of a Data Protection Impact Assessment is to demonstrate you have considered the risks to the rights and freedoms of individuals that your use of their data poses. Operational and project teams need the support of a ‘critical friend’ who understands the context of the work they do but has the privacy expertise to be able to independently consider the impact and risks while offering appropriate solutions to help mitigate those risks.

Unless there is someone with sufficient knowledge within the business you run the risk of the wrong privacy decisions being made – even if they are made for the right reasons.

Frequently asked questions

In order to realise the true operational and commercial value of good privacy, you need to be able to react to the demands of your internal teams. Not every organisation has the resources to be able to maintain a full time privacy team responsible for helping to conduct legitimate interest assessments, DPIAs, dealing with Data Subject Rights requests etc. The workload associated with privacy can vary as can the availability of your internal resource – even your DPO or Data Protection Manager needs to take annual leave sometimes.

We would rather you looked at it in terms of the return you get from reduced risk, increased data value, operational efficiencies and saved effort , but…

The quick answer is ‘it depends’. It depends on the services you need us to provide and the level of support you need.

Our service is flexible, allowing you to choose just how involved we are in your Data Protection and Information Governance framework.

It costs nothing to find out if we’re right for each other and to get a fully costed solution to your needs. Why not get in touch?

As well as qualified data protection compliance professionals we can provide support resource including administrative support, business analysts and network and information security professionals.

Our aim is to build a team which supports your organisation e.g. We can operate a data protection help desk function available to all your staff and customers, helping to field queries on data protection matters and providing a central triage point for complaints and other issues which may need escalation to your DPO.

We make use of technology to ensure all queries and issues are logged and tracked to ensure agreed SLAs are met.

You will be assigned a single point of contact who will be responsible for providing regular metrics based reports on the services we are providing.

Get Started

Let's talk about your needs

We know. This is normally where you’d see an easy to submit enquiry form. One that’s likely an entry into a lottery whether you’ll get a response or not. 

Get the answers you need. We don’t bite.

Use live chat or book in a no obligation online meeting to help us get to the bottom of how we can best help you (invite some colleagues if that will help).

Learn More

Related Insight

Related Events

jQuery(function($){ $(document).on('click','.elementor-location-popup a', function(event){ elementorProFrontend.modules.popup.closePopup( {}, event); }); });
@font-face { font-display: block; font-family: Roboto; src: url( format("woff2"), url( format("woff") } @font-face { font-display: fallback; font-family: Roboto; font-weight: 600; src: url( format("woff2"), url( format("woff") } @font-face { font-display: fallback; font-family: Roboto; font-weight: 700; src: url( format("woff2"), url( format("woff") } #sib-container input:-ms-input-placeholder { text-align: left; font-family: "Helvetica", sans-serif; color: #c0ccda; } #sib-container input::placeholder { text-align: left; font-family: "Helvetica", sans-serif; color: #c0ccda; } #sib-container textarea::placeholder { text-align: left; font-family: "Helvetica", sans-serif; color: #c0ccda; }
Your subscription could not be saved. Please try again.
Your subscription has been successful.


Subscribe to our newsletter and stay updated.

window.REQUIRED_CODE_ERROR_MESSAGE = 'Please choose a country code'; window.EMAIL_INVALID_MESSAGE = window.SMS_INVALID_MESSAGE = "The information provided is invalid. Please review the field format and try again."; window.REQUIRED_ERROR_MESSAGE = "This field cannot be left blank. "; window.GENERIC_INVALID_MESSAGE = "The information provided is invalid. Please review the field format and try again."; window.REQUIRED_MULTISELECT_MESSAGE = 'Please select at least 1 option'; window.translation = { common: { selectedList: '{quantity} list selected', selectedLists: '{quantity} lists selected' } }; var AUTOHIDE = Boolean(0);

We use Sendinblue as our marketing platform. By Clicking above to submit this form, you acknowledge that the information you provided will be transferred to Sendinblue for processing in accordance with their terms of use

jQuery(function($){ $(document).on('click','.elementor-location-popup a', function(event){ elementorProFrontend.modules.popup.closePopup( {}, event); }); });


We're excited you'd like to come along!

However, we need to tell you something important before you do:

How we use the personal data you provide when booking to attend an event.

In short, we ask for your name, email, the organisation you represent and phone number. For paid events we also collect billing information to process your order. We use this information to manage the event and your attendance by sending you email and SMS (if you provide a mobile number) confirmations and reminders about the event and any replays which are available. For some events we may invite you to complete optional surveys to either help us tailor the event beforehand or get feedback from you after the event is over.

The information you provide will be transferred to our Webinar platform provider where we use analytics to help measure the effectiveness of our webinars e.g. record whether you attend the event and how long you attended for. We also store your information in our CRM where it may be combined with publicly available information about you or the organisation you represent (such as that from LinkedIn or Companies House) and your communications with us. This combined picture will be used to help identify which of our services may be of interest to the organisation you represent; so, yes, we may market to you but only in your professional capacity and only in a targeted way once we know more about how our services may be of benefit to the organisation you represent. Above all, we promise to stop when you tell us to.

Please see our Website Privacy Notice for more information.

fidabona celebrates
Subscribe to get 15% discount