Data Protection & GDPR

For Organisations and Small, Medium Enterprises
Book your 15 Min Complimentary Consultation

Which data protection laws are applicable in the UK?  Do I need a DPO (Data Protection Officer)?


Data protection is the process of safeguarding the privacy, availability and integrity of individuals and their personally identifiable data.

Data protection must be on the agenda of all boards.

Organisations, businesses or the government must follow legislation on how they use your personal information.



The UK GDPR (General Data Protection Regulation) and the DPA (Data Protection Act) 2018 govern UK data protection. Organisations in the UK that process personal data must follow these two data privacy laws. Non-compliance risks fines of up to £17.5 million or 4% of annual global turnover – whichever is greater.

The UK GDPR introduces a duty for you to appoint a DPO in certain circumstances. The DPO must be independent and an expert in data protection.

What we Can Help You With

The journey to protecting personal data starts with understanding your data assets, the categories of data, and the measures you need to put in place to safeguard personal information and meet your legal and contractual obligations.


As your DPO, we will educate you and your employees about your data protection obligations. We will help you ensure compliance with data protection regulations and support you with:

  • DSAR – advise you and guide you in responding to subject access requests
  • Advice on DPIA (Data Protection Impact Assessments), monitoring and review

We will act as the main point of contact for the ICO and for data protection related matters and complaints.


It is well researched and documented that people are the weakest links when it comes to the implementation of policies and procedures. It is, therefore, crucial to ensure that all your staff and business leaders are aware of their roles and responsibilities when it comes to data protection.

Our training will help your staff to:

  • identify what qualifies as personal data and how it should be protected
  • understand your organisation's Data Privacy Policy and Procedures
  • identify and report data protection breaches

Safeguarding and protecting

Understanding where personal data enters your organisation, how it is processed, where it is stored, for how long, and who has access to it is key to safeguarding and protecting the data.

In many organisations, data is freely floating around in various systems, and people have no idea what they have in their possession.

Maysante will help your organisation discover your data assets and put the necessary measures in place to safeguard and protect the data to ensure its confidentiality, availability and integrity.

We were looking for a consultant to help us with our GDPR processes, client privacy policies and team training on GDPR. Mary supported us through the process and made a complex subject very straightforward. Mary is a great communicator and was able to train the team to a high standard. I would highly recommend the services that Mary provides.

Mark Randall

Director, Your Finance Team

Frequently Asked Questions

What is data protection?

Data protection is a set of strategies and processes you can use to secure the privacy, availability, and integrity of your data. 

What data protection laws are applicable in the UK?

The UK GDPR (General Data Protection Regulation) and the DPA (Data Protection Act) 2018 govern UK data protection. The main purpose of the Data Protection Act is to protect individuals from having their personal details misused or mishandled.

What is a Data Protection Officer (DPO)?

DPOs assist you to monitor internal compliance, and inform and advise on your data protection obligations. The DPO provides advice concerning Data Protection Impact Assessments (DPIAs) and acts as a contact point for data subjects and the Information Commissioner’s Office (ICO).

Not all organisations are required to appoint a DPO.

Do I need to appoint a DPO?

Under UK GDPR, you must appoint a DPO if:

  • you are a public authority or body
  • your core activities require regular and systematic monitoring of individuals on a large scale
  • your core activities consist of large-scale processing of special categories of data (sensitive data such as health, religion, race or sexual orientation) or data relating to criminal convictions or offences.

Small, medium-sized enterprises (SMEs) are not exempt from appointing a DPO.


Do I have to appoint a DPO internally?

No. GDPR allows you to choose. The DPO can be an existing employee or externally appointed. Outsourcing the role of the DPO can help you to address the compliance demands of the GDPR while staying focused on core business activities.

