At Hebborn Consultancy, a GDPR audit means rolling up our sleeves and getting into the detail of how your organisation handles Personal Data. We review your policies, procedures, IT systems, staff practices and your wider data relationships. The goal is to expose any weak spots, reduce the risk of breach, and ensure you’re compliant with the UK GDPR, the Data Protection Act 2018, PECR 2003 (as amended), and now the Data Use and Access Act 2025.
We don’t just tick boxes. We assess how you collect, store, use, and share data. We look at your consent practices, your lawful bases, your retention periods, and the safeguards around your IT infrastructure. Where relevant, we carry out open-source due diligence checks on the organisations you share data with, especially where third-country transfers or joint controllership is involved.
Once complete, we give you a written report that highlights areas for improvement and makes clear, actionable recommendations. You can use this to strengthen your internal controls and, if needed, demonstrate to the ICO or other stakeholders that you’ve taken your legal obligations seriously.
Costs vary, and until we know what you need, we can’t tell you what it will cost. There’s no one-size-fits-all. A single-site charity with straightforward data use is not the same as a company handling international data transfers, health records, or automated decision-making. Once we’ve had a proper conversation, we’ll give you a clear proposal with no surprises.
If you’d like us to scope an audit for you, we’ll do it with clarity, honesty, and without trying to sell you anything you don’t need. Let us know.
