GDPR Readiness

Consultancy and Training to Ensure GDPR Compliance.

Today’s technology landscape is growing ever more complex. Big Data analytics, Artificial Intelligence, Blockchain and other factors create a challenging scenario for businesses concerned about their data privacy obligations.

Our GDPR consultants have honed their data privacy expertise for over 20 years, while helping clients across multiple sectors meet the demands of stringent regulation. Our tailored approach combines a range of specialist services according to your precise needs.

The objectives of the new GDPR legislation are to:

  • harmonise individual country level laws and ensure that Customer data is adequately protected
  • apportion penalty levels for non-GDPR compliance. Penalty levels are assessed at up to “the higher of 4% of an enterprise’s worldwide turnover or €20m”

The GDPR legislation is designed to provide “data subjects” (Customers) with several new rights including:

  • more transparency over how their data is being used
  • a need for explicit permission from the customer for how the data is being used
  • right to withdraw consent
  • more rights to transfer and delete data
  • limits on data profiling of customers
  • mandatory breach notifications when their data may have been compromised.

Bridewell Consulting’s GDPR assessment offerings are designed to help organisations understand the impact and implement the changes that GDPR will impose on organisations.

Organisations are ultimately accountable if they fail to protect the personal and sensitive personal data of their staff and customers. Processes will need to be amended to account for the additional operational and administrative overheads GDPR will bring. But these are all for the benefit of protecting both customers and the organisation processing the customer data.

So the question is: are you ready?


The GDPR imposes several changes on organisations that process personal and sensitive personal data. Understanding where the organisation is today and what needs to be done to address the requirements of GDPR will have a number of benefits:

  • Action now will address the challenges in a phased manner
  • Demonstrate to customers the importance the organisation places on the protection of personal and sensitive personal information
  • Taking a proactive approach can lead to a competitive advantage and position the organisation to capitalise on new markets or service opportunities
  • Improves the ability to respond to and reduce the damage of any data breaches, and in turn reduce the impact of any fines

Proactively addressing the GDPR will inspire customer confidence in your organisation.

Helping You Attain Sector-Leading Levels of Data Compliance

GDPR Consultancy

Choose from a tailored array of assessments and audits to suit the compliance needs and culture of your business. Whether you’ve yet to implement any data privacy measures or wish to measure the accountability levels you’ve already achieved, this service can help.

Risk Assessments and Penetration Testing

Get a detailed insight into your current cyber security performance with a bespoke combination of security assessments, privacy risk assessments and sophisticated penetration testing.

Data Protection Impact Assessments (DPIA)

We work with you to develop a DPIA procedure that works for your infrastructure and the types of data you process. Combined with our highly effective DPIA templates, this results in a rigorous assessment that can withstand the scrutiny of any supervisory authority.

Privacy by Design Technology Assessment

The Privacy by Design framework offers a robust way of improving your data protection procedures, by embedding privacy into the design of your business policies and systems, as well as your data infrastructure. The result is a user-centric approach to data that offers unmatched control and transparency, while valuing privacy by default and being proactive instead of reactive in the face of breaches.

DPIA Training

Our team can train your people to conduct a thorough Data Protection Impact Assessment, as well as how to work effectively with the relevant supervisory authority.

GDPR – Enterprise Readiness Assessment

Bridewell’s Enterprise Readiness Assessment consists of Bridewell Consultants working with your organisation at a strategic level, across your key business operations, to assess your key privacy touchpoints and data flows and then build a privacy assessment report against an existing and future state. Bridewell give practical remediation guidance and can support organisations in implementing the practical steps required to address the requirements of GDPR.

GDPR – System Readiness Assessment

Bridewell’s System GDPR readiness assessment consists of an in-depth analysis of a specific application or data collection method to understand the full privacy requirements against the lifecycle of the system or service.  The GDPR compliance assessment consists of:

  • Assessment of technology including the detailed assessment of Privacy Enhancing Technologies (PETs).
  • Global Data Flow Mapping (GDFM) and Global Data Flow Compliance (GDFC) are completed to understand data types and the privacy touchpoints against the lifecycle of each data type.
  • Technical assessment of the technology being used to process the organisation’s data, gaining a deep understanding of how data is protected and processed in order to inform our clients of any vulnerabilities that require attention.
  • Production of a privacy enhancing roadmap. Bridewell provide our client with a roadmap for improving their operations for data privacy, with practical guidance around technical and business process improvement.

GDPR – Global Data Flow Mapping (GDFM)

GDFM consists of Bridewell consultants using a series of interviews with key technical and business process owners to develop and understand all data flows, either across an organisation’s operations or specific systems. We are also able to combine our privacy expertise with cyber security analysis to validate data flows within an organisation as required.

GDPR – Global Data Flow Compliance

We conduct an analysis of data flows to ensure that appropriate technical and organisational measures are in place. Any gaps are identified and we support remediation with the client, which can range from technical changes to policy or procedural changes.

GDPR – Privacy Impact Assessment

This is conducted in accordance with industry good practice. An enterprise level PIA is strategic in content and focuses on the organisation at a strategic layer. A system specific PIA is granular in nature, focuses on a specific set of business operations and is targeted with detailed guidance on any remediation activity.

GDPR – Privacy by Design Technology Assessment

We review a company’s application or set of systems to assess privacy by design principles such as:

  1. Proactive not reactive; Preventative not remedial
  2. Privacy as the default setting
  3. Privacy embedded into design
  4. Full functionality – positive-sum, not zero-sum
  5. End-to-end security – full lifecycle protection
  6. Visibility and transparency – keep it open
  7. Respect for user privacy – keep it user-centric

This can also include technical system testing in addition to hands-on privacy consultancy, using our own Certified Information Privacy Technologists to assist.

GDPR – Security and Privacy Assessment

Bridewell use a set of blended services to provide an organisation with either an Enterprise Readiness Assessment or Privacy Technology Assessment and combine this with technical penetration testing to provide validation that data is secured appropriately.

GDPR – Incident Response Support Service

Having a data breach can be extremely damaging to an organisation’s reputation. Bridewell provide an incident response service, which assists the company in managing a data breach and liaising with the relevant supervisory authorities. This can be done on an ad-hoc basis or as a contracted service throughout the year.

GDPR – Data Privacy Officer (DPO) as a Service.

For many organisations that process personal and sensitive personal data, the GDPR will impose a new requirement of a mandatory Data Privacy Officer. As a result of the GDPR it is estimated that within Europe there will be a need for 28,000 Data Protection Officers to help organisations become GDPR compliant. Bridewell Consulting can provide a DPO where it is not financially or practically viable for organisations to recruit or appoint a DPO that can operate independently in accordance with DPO guidance published by the Article 29 Data Protection Working Party.

Bridewell’s GDPR consultants have been working in data privacy for over 20 years. We have experienced Data Privacy Consultants and industry proven methodologies, and have supported several organisations in various sectors of industry in complying with applicable privacy and GDPR requirements.

We have individuals with leading privacy experience and certifications such as the Chartered Information Privacy Professional / Europe (CIPP/E), Chartered Information Privacy Technologist (CIPT) and Data Protection Practitioner (PC.dp) as well as certifications in the new General Data Protection Regulation. 

We pride ourselves on acting as a trusted advisor for our clients and being able to interpret privacy legislation and ensure it is practically implemented into our client’s business operations to be GDPR compliant.

Ready to Take the Next Step?

We’re here to help, so to speak with our team and learn more about how Bridewell can benefit your organisation, just complete the below form and one of our experts will be in touch.
