UK Data Protection, Privacy and DUAA Compliance Solutions
Although the UK GDPR took effect on 25 May 2018, many organisations still fall short. The risk is not just a fine. It is a mix of legal, commercial and reputational exposure under the UK GDPR, the Data Protection Act 2018, PECR 2003 as amended, and now the Data Use and Access Act 2025. Everything we do aligns with ICO guidance.
Audit and assimilation
If you are unsure where to start or want assurance that your position is sound, we take the pressure off. Our Audit and assimilation is a structured deep dive into your current controls to pinpoint what works, what does not, and what must change.
What we examine:
• Governance, accountability and roles, including senior manager responsibilities under the DUAA 2025
• Records of processing, data mapping and inventories
• Lawful bases, transparency and privacy information
• PECR marketing and cookies, consent and preference management
• Processor and data sharing arrangements, IDTAs and international transfers
• Security controls, retention and disposal, incident response and breach handling
• DPIAs, LIAs and risk management cadence
What you get
Our Audit Outcome Report sets out the exact shortfalls and vulnerabilities to fix, risk rated and prioritised. You get practical recommendations, a remediation plan, quick wins, and a clear route to compliance. No waffle, no jargon.
Fees
Your initial consultation is free and without obligation. We agree fixed costs in advance so there are no surprises.
Does GDPR apply to me?
We still hear it far too often – “GDPR doesn’t apply to me, my business isn’t big enough!”
Answer:
If you process personal data in the UK – whether you are a sole trader, small business, charity, partnership or limited company – the UK GDPR, the Data Protection Act 2018, and in many cases the Privacy and Electronic Communications Regulations 2003 (as amended) apply to you. Since June 2025, the Data Use and Access Act 2025 has also introduced new accountability requirements for senior managers and directors. None of these laws have a “small business exemption”.
How well do you comply with data protection law?
It’s easy to assume you are compliant because you haven’t had a complaint or a breach.
Answer:
Compliance means more than avoiding complaints. You must meet all the legal requirements in the UK GDPR, DPA 2018, PECR, and DUAA 2025. This includes having a lawful basis for processing, providing clear and accurate privacy information, managing consent correctly, securing data appropriately, handling data subject rights requests, ensuring retention and disposal are controlled, and having proper contracts and data sharing agreements in place. The DUAA now adds personal accountability for key decision-makers, meaning that failing to comply is no longer just a corporate risk – it can have personal consequences.

We can help
We take the headache out of data protection. We help you understand and meet your obligations under the UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 as amended, and the Data Use and Access Act 2025, following ICO guidance. We do what we do best so you can focus on running your business.
If you have questions or would like to book a free consultation without obligation, please use the link below.
