When you just need a helping hand

We have services that can get you on top of the compliance mountain

Tailored to your needs

Sometimes you just don't have the capacity or skills to do what is needed to make and keep your organisation compliant.  We believe that compliance is something that needs to be woven into the culture of an organisation and, to that end, we have structured our services to support you in learning, adopting and embracing new ways of working.

Every business is different; some need lighter advisory help and others want a full support package.  We have designed a selection of services which can be tailored to provide the support you need, all underpinned by our compliance dashboard so you can see exactly where your company is on its journey.

We know that you need to control costs, so we have sought to be as open as possible on our pricing whilst providing a range of options based around 3 levels of support: Advisory, Supporting and Greater Depth; you can pick an choose from the levels to suit your requirements.  We have also included a starter bundle to make getting started easier along with a Data Protection Officer service for those that need one.

Our Approach

To provide you with the greatest flexibility in picking the help you need, we've broken our services in to three levels:

Gyding Hand Starter Pack: Because flexibility and choice can still be difficult to fathom, we have put together a basic package of services to just get you going.  This is a fixed price with clear deliverables to get you on the road to compliance.

Advisory: Usually half a day for each aspect of compliance, we provide a contact to answer your questions as you work through your own compliance plan.  This would suit the organisation that has the capacity to handle the workload, but needs help understanding what is needed
Supporting: This level of support generally starts at one day per aspect of compliance.  We would take a more involved role in the activity, providing training, advice and bolster your capacity.  This provides for those that need more than pure advice with some hands-on resource.
Greater Depth: With this type of support you get a skilled resource who can work with your team to do what is necessary to move you towards compliance.  If your organisation is lacking the available resources to get through the workload, this is for you.

Gyding Hand Starter Pack

  • Initial Assessment
    A complete day of dedicated, specialist advisory support to get you started on your GDPR journey. This would include support in completing the Gydeline assessment tool and completing a more detailed gap analysis of the current compliance status of your business
  • Awareness & Training
    Training is a mandatory requirement of GDPR and we would provide a bespoke half day of training for key people within your organisation
  • GDPR Project Plan
    We will work with you to produce a plan for your organisation to become GDPR compliant. We will bring ideas and best practice and merge this with the specific needs and circumstances of your organisation
  • Data Protection Impact Assessment
    Provision of process and templates to show you how to complete your impact analysis. In addition we will spend half a day completing an initial DPIA(s) with you
  • Supplier/Contract Review
    Half day review of of existing relationships and any personal data impacts. Review of contracts to ascertain if required GDPR elements are present
  • Templates
    Provision of a set of standard templates and processes to get you started on the GDPR journey

Advisory Services

Click on the tabs below to see a brief description of the services available at each level.
  • Advisory (half day)

    • Initial Assessment
      Support in completing the Gydeline tool assessment
    • Awareness & Training
      Provide outline recommendation on awareness and training approach.
    • Data Mapping
      Advice on the creation, documentation, storage and update of data mapping
    • Public Communications
      Provide and recommend approaches to key public documents (e.g. privacy notice, policies)
    • Rights
      Advice on which rights need to be enabled and the supporting processes/systems which are required
    • Consent
      Advice on consent approach, requirements and best practice.
    • Impact Assessment
      Assessment of current Data Processing Impact Assessment (DPIA) and Risk position. Advise on process and approach.
    • Transfers
      Advice on transfer approach and key mitigations
    • Breaches
      Advice on Breach requirements and implications
    • Documentation
      Sample document approaches and templates provided and discussed
    • Monitoring
      Advice on the ongoing monitoring requirement and supporting document/system requirements
    • Measures
      Guidance on all measures and how they should be implemented
    • Planning
      Work with outputs from Gydeline to create outline plan for GDPR compliance
    • Project Management
      Advice on establishing a project process for compliance implementation
  • Supporting (1 day)

    • Initial Assessment
      (See Advisory Services)
    • Awareness & Training
      Conduct an initial 3 hour training session
    • Data Mapping
      Review existing maps and systems and recommend mapping details, clarification and documentation improvements
    • Public Communications
      Review existing/drafted notices and policies and recommend required updates
    • Rights

      Review key processes (e.g. Subject Access Requests) and ensure they are fit for purpose, meeting all rights requirements

    • Consent
      Review existing consents and process for ensuring correct consent is obtained
    • Impact Assessment
      Review of completed DPIA, recommendations and updates
    • Transfers
      Review (alongside data maps) information locations and vulnerabilities
    • Breaches
      Provide sample breach documents/reports and review existing breach processes
    • Documentation
      Review of existing document set and advice for completion/updates
    • Monitoring
      Detailed review of ongoing outputs and processes
    • Measures
      Review the implementation state of all measures
    • Planning
      Working with your business, create a more targeted prioritised plan with a set of metrics and outputs
    • Project Management
      Working with your project manager to establish processes in your organisation
  • Greater Depth (2-3 days)

    • Initial Assessment
      (See Advisory Services)
    • Awareness & Training
      Provide specific training to areas of the business focused on key areas of GDPR applicable to them
    • Data Mapping
      Map key systems and provide outputs back to the business
    • Public Communications
      Write draft notices for approval. Make legal introductions if required. Review legal basis.
    • Rights
      Detailed review of supporting IT systems and processes to ensure all rights can be enacted
    • Consent
      Refinement and changes to specific consent collection processes and review/recommendation of strategy for records maintenance.
    • Impact Assessment
      Completion of DPIA for key identified business areas
    • Transfers
      Provide detailed plan and options for safeguarding or migration of data as required.
    • Breaches
      Work to identify how systems management and monitoring can support breach requirement.
    • Documentation
      Creation of key documents and adjustment of templates to match the organisations standards
    • Monitoring
      Sample “supervisory authority investigation” to test outputs available in correct formats
    • Measures
      Work with the business to create detail implementation plans for all required measures.
    • Planning
      Create a full plan for achieving GDPR compliance – plan to include identification of those areas where compliance is likely to be difficult to achieve within initial plan
    • Project Management

      Management of defined plan and resources, including a monthly board meeting

Pricing (services)

  • Gydeline Subscription

    All our service engagements have a prerequisite of a GDPR Gydeline subscription appropriate to the size of the organisation - pricing can be found here

  • Gyding Hand Starter Pack
    £2500 plus expenses
  • Advisory Service day rate
    £650 per day plus expenses
  • VAT
    All prices are subject to UK VAT @ 20%

** Expenses cover the travel and accommodation that may be required in support of delivery to your location

Let Gydeline simplify your compliance needs

Contact us today and start your compliance journey

Copyright 2016–2018 Gydeline Ltd

Registered in England & Wales No. 09559617 | 48 St Nicholas Street, Bodmin, Cornwall, PL31 1AG | VAT No: 226 0817 24