Services
Eight services. One specialist. No missed deadlines.
Every engagement is scoped individually and quoted in writing before any work begins. You will always know exactly what you are getting and what it will cost.
Request handling
Statutory deadlines are not flexible. Our process is built around that fact.
The volume of FOI and SAR requests reaching local authorities has increased significantly in recent years. At the same time, IG team headcount has not kept pace. The result is predictable: backlogs, missed deadlines, ICO intervention and reputational damage.
We provide the capacity your team needs — handling requests with the same standard you would expect from an experienced in-house officer, without the recruitment cost or management overhead.
FOI request management
Twenty working days is not a target — it is the law. We manage FOI requests end to end: validating, applying exemptions, drafting responses and handling ICO referrals. Your team sees the finished response, not the hours behind it.
FREEDOM OF INFORMATION ACT 2000
Subject access requests
A SAR touching five systems, containing third-party information and arriving the week your IG officer is on leave is not unusual. We handle the search, collation, redaction and response — complex, disputed or high-volume — within the 30-day statutory limit.
UK GDPR ARTICLE 15
Data protection impact assessments
New case management system? Shared platform with an NHS partner? These trigger an Article 35 obligation. We conduct the DPIA from initial screening to a signed-off written report — giving your project board the documented assurance it needs.
UK GDPR ARTICLE 35
Remote data protection officer
UK GDPR Article 37 requires most public authorities to appoint a DPO — independently, expertly and properly resourced. We provide a qualified named outsourced DPO: advising on processing decisions, maintaining your ROPA, supporting your team through incidents and acting as ICO liaison. Packages tailored to your organisation and quoted on request.
UK GDPR ARTICLES 37–39 · RETAINED MONTHLY
Breach response support
When a breach is identified the 72-hour notification clock starts. Most organisations do not have a rehearsed response process — and the moment a breach happens is not the time to build one. We provide immediate support through containment, impact assessment and ICO notification decisions.
UK GDPR ARTICLES 33 & 34
IG health check
A structured review of your information governance position. Policies, procedures, privacy notices, ROPAs and data sharing agreements assessed against UK GDPR. You receive a written report with prioritised findings — often the fastest way to identify risk before the ICO does.
FIXED FEE · WRITTEN REPORT
ROPA development & maintenance
Your Record of Processing Activities is a live obligation — not a one-off document. We build it from scratch or bring an existing one up to standard, and maintain it as your services evolve.
UK GDPR ARTICLE 30
Consultancy & project work
Privacy notices residents can understand. Data sharing agreements. Legacy data audits. Staff guidance. If it sits in the IG space, we scope and quote for it — one piece of work or an extended arrangement.
FIXED FEE · DAY RATE · PROJECT BASIS
Frequently asked questions