Cookie Consent by TermsFeed Generator

Making GDPR align with your business

IMPACT is an easy way to help you understand GDPR & provides the tools for your employees to manage compliance.

Welcome to the world of GDPR

Data now competes with Oil in being the world’s most valuable resource and its misuse in the last decade by large operators such as Facebook has prompted regulators to step in to restrain those who control its flow.


report that GDPR has improved the management of customer data


of data breaches reported were a result of human error


reported that GDPR has encouraged new innovative uses of data

¹ Research by RSM of 967 European businesses who have engaged with the European Business Awards. The majority of businesses surveyed were European middle-market businesses with a turnover of less than €100m. The sample included businesses from 34 countries.

² ICO: 11499 personal data breach incidents reported between 1st January and 31st December 2020

Creating an IMPACT

For small and large companies

Your obligations may differ depending on the size, type & turnover of your company. There are also some additional obligations where you have 250 employees or over.

Understanding if you need a DPO or to be registered can be tricky using the ICO self-assessment tool. This isn’t something your business can afford to get wrong. We provide you with 1 valuable tip to use.

When taking these self-assessments think about 4 areas

  • Data you process as a business
  • Data you process about your customers
  • Data you process about your suppliers
  • Data you process about a staff member of the contractor
Creating an IMPACT

"GDPR Compliance is as much more than just managing data systems it's also about the integrity and culture of your Company"

What is GDPR?

What is GDPR?

Clearing the confusion

The General Data Protection Regulation is a framework to protect an Individual’s personal data.

Its aim is to simplify the regulatory environment and make it easier for individuals to have control of their own data. It also aides free flow of data throughout Europe.

However, some things have changed….. United Kingdom Left Europe.

UK GDPR became effective on the 1st of January 2021 and with the Data Protection Act 2018 is now the UK's primary Legislation for Companies that process UK individual’s personal data.

How do you assign a Data Protection Officer?

Getting the right balance of support for your business

A DPO can be an external resource or an employee. They assist you to monitor internal compliance, and they inform and advise on your company data protection obligations. They also act as the main focal point for the ICO when communicating with your business.

It may not be clear at the outset if a company needs a DPO, GDPR Business Support, or both. Depending on the type & scale of data a company processes It may have a duty to appoint a DPO.

How do you assign a Data Protection Officer?

The Data Protection Impact Assessment (DPIA)

Don’t let GDPR block your innovation

Data Protection Impact Assessments are an essential tool in the sales pipeline. If your company uses an internal or external data storage system and uses software applications that process personal data. Completing these risk assessments is vital. Human behaviors are often overlooked in systems impact assessments, However, the majority of data breaches are a result of it. Do you need to identify the risks? we take away the pain of completing a DPIA and we make sense of the complexity.

IF you work with sensitive or special category data you have a legal obligation to carry out a DPIA under the UK GDPR.

We help you mitigate the risks and plan ahead to keep your projects moving forward.

The Data Protection Impact Assessment (DPIA)

"Article 25 of UK GDPR Data protection by design and by default"

What IMPACT can do for you

IMPACT® can support your organisation, make GDPR easy to understand, and provide the tools for your employees to ensure compliance for each development or change to systems, products, or service.



IMPACT® training can be delivered either virtually or face to face depending on your requirements and you can expect the training to last approximately 4.5 hours.

Data Mapping

Data Mapping

There are lots of systems out there that claim to manage data mapping and ROPA (Record of Processing Activities). However, Data mapping will only be successful in your business if you can align it with your existing business processes.

DPIA Support

DPIA Support

Knowing when you need a DPIA can be difficult, We provide external support in completing Data Protection Impact Assessments for your company. Get in touch f you are introducing something new or making changes in your workplace.

Redaction Managed Services

Redaction Managed Services

We offer an experienced redaction service, we can also review and make recommendations on exemptions that need to be considered when dealing with a subject access request.

Support Per Hour

Support Per Hour

We know every company is different and requires a focus on a variety of processes, therefore we offer Support on a Per Hour basis for everything from Data Mapping to creating Risk Registers.

GDPR Audit

GDPR Audit

We provide a range of audits to suit your size and type of business which will help you with compliance. We offer Gap analysis/ Mock inspections & Full Audit

Subject Access Request Support

Subject Access Request Support

Meeting deadlines & keeping costs down when it comes to Subject Access Requests can be difficult, For large & Small companies we bring practical experience & knowledge to manage this process effectively. We work alongside legal counsel, DPO's & business owners giving them insight and support.

Your GDPR certifications

Awarded on course completions

UK GDPR certification applies only to data controllers and processors and cannot be used to certify individuals for example Data Protection, Officers.

There are currently no approved certification criteria or accredited certification bodies for issuing UK GDPR certificates. However, The ICO encourages the use of data protection certification mechanisms as means to enhance transparency and compliance.

If applying for UK GDPR certification the criteria must be able to be applied to a product, process, or service to be suitable for use under ISO 17065 as this is the standard that certification bodies will be accredited against to issue UK GDPR certification.

"Increase your compliance with IMPACT"

Domestic Video Surveillance

Domestic Video Surveillance

Here's a guide to help you comply with data protection laws for domestic video surveillance

ICO Registration Common Errors

ICO Registration Common Errors

Did you make this same mistake on the Self assessment portal? here are the common mistakes people make carrying out the self assessment

Children’s code Compliance Countdown

Children’s code Compliance Countdown

The transition period for implementing the standards is almost at an end.

What our clients say

Rigrun Logo

Susan helped our company get up to speed with GDPR compliance in a no-nonsense and practical manner. Not only did Susan take the time to simplify all the regulations so that we could apply them to our business, but she was also really friendly, approachable, and cost-effective. Susan always responds to our queries promptly and efficiently. We have been delighted with the service provided and will continue to use these services on a long-term basis.

Louise Martin - Founder & Director of RigRun

Cognitio Coaching Logo

I’ve known Susan for a few years and her advice and recommendations for GDPR business support is excellent.

I am a small business owner and Susan has helped to ensure that my business complies with GDPR and I keep on top of any changes.  When I started my business, I had never heard of ICO (Information Commissioner’s Office) and didn’t realise that I needed to register the business to ensure I was handling my data and my client’s data correctly.

Susan has also worked on my privacy policy which is now robust and fit for purpose.  There are certain things that as a business owner you need to get the professionals to help you with and GDPR is definitely one of those things!  Having Susan and her team on my side is so reassuring as the regulations can change and the team are always up-to-date with their advice. I can highly recommend them.

Nicky Carnie HR MSc, MCIPD - Qualified ILM Coach & Colour Profiling Specialist:  Insights/ C-me

GranitePR logo

I have had the pleasure of knowing and working with Susan in various capacities over 25 years.

Susan is a system expert and process guru with a firm grasp of the GDPR guidelines and laws.

Therefore it was without hesitation that we asked Susan to review and update our processes , GDPR policies and Privacy Statement  to make sure they were robust and current.

I would recommend Susan without hesitation to Clients and Associates.

Brett Jackson - Founder and Managing Director Granite PR

Cyber Essentials logofsb member logoScottish Business Network logoAberdeen & Grampian Chamber of Commerce Logo
© IMPACT 2021
IMPACT is an innovation by Care App Solutions Ltd
Website design: Rocket Five