GDPR & Data Privacy

Chaucer / Digital / GDPR & Data Privacy

With decades of experience in supporting global organisations, our data privacy experts can help you navigate the ongoing challenge of protecting your data assets within our ever changing digital landscape.

We will work with your teams to create, update and embed pragmatic solutions across privacy law and compliance, data security, data integrity, data management and data governance, vendor management, corporate governance, crisis management, regulatory compliance and ethics.

Whatever the challenges your may face, or the limitations of your in-house capability, we provide hands-on support or advisory for GDPR, ISO27001, PCI/DSS, NIST Risk Governance, and Security & Privacy Operations Centre provisioning and management.

While our approach and consultants are industry agnostic, we also offer specific expertise in Life Sciences, Energy, Financial Services, Central Government and more.

At the centre of the GDPR is the concept of broader and deeper accountability for an organisation’s handling of personal data. The GDPR brings into UK law a trend that we’ve seen in other parts of the world – a demand that organisations understand, and mitigate – the risks that they create for others in exchange for using a person’s data. It’s about a framework that should be used to build a culture of privacy that pervades an entire organisation. It goes back to that idea of doing more than being a technician, and seeing the broader responsibility and impact of your work in your organisation on society.Elizabeth Denham, Information Commissioner

Our Advisory Services:

DPO Counselling

  • Your business has appointed a DPO as required by Article 37, but sometimes your DPO needs support. It might be a tricky DPIA, or the interpretation of an Article 9 derogation, or even a challenging SAR which you want to deny. Our counseling service offers professional DPOs the support they need to ensure they remain confident in their decisions and recommendations.

Data Mapping

  • Businesses who have not completed their Article 30 data mapping can benefit from this service, which supports your business analysis teams in understanding the required elements for a data map, including decisions on lawful basis, retention and deletion, rights availability and much more.

Merger & Acquisition Privacy Due Diligence

  • One of Chaucer's unique services involves advising businesses who are considering a merger or acquisition, and who require insight into how to best blend the data lakes owned by each merger candidate with the acquiring business. We especially focus on data protection due diligence, producing a gap analysis that can identify risks to the business arising from poor data protection practices.

Our Audit Services:

  • Multiple countries have now released official standards for auditing compliance with GDPR, Chaucer has prepared its own audit outlines that will thoroughly test your privacy management operational controls and mitigation activities. It will consider processes, procedures, personnel, policies and the management within the context of an Information Privacy Management System (IPMS).

Business Resilience

  • Businesses need to ensure that they have resilience built-in to their critical processes. With GDPR comes the obligation to ensure resilience of data protection, through privacy by design and privacy by default, as well as robust processes to support Business As Usual that can cope with every type of privacy challenge. Our Resilience team will evaluate the weak points in your privacy management and operations, and make specific recommendations to strengthen your posture to maximize your ability to manage privacy risks.

Our Cyber Services:

NIS Readiness

  • The Network & Information Security Directive is soon to be enforced in the U.K. as well as across the whole of the E.U., and sets new standards for managing cyber threats, coordinating CSIRT activities, and strengthening reporting and cyber risk management for critical infrastructure that is recognized both nationally and across the E.U. Our team of cyber experts will help to manage change projects that ensure NIS compliance is built in to your business at every level.

ISO27001 Preparation & Gap Analysis

  • We help customers who wish to improve their cyber security robustness through implementation of an Information Security Management System conforming to ISO27001 and related standards. While we do not conduct audits for this standard, we assist with making all the necessary preparations so you can get yourself ready for an audit. Even for small companies, this preparation can take from six months to a year, so start soon to realize the benefits.

PCI/DSS Advisory

  • While not a required standard, PCI/DSS does offer guidelines to businesses processing card payments in the minimum set of controls and policies they need to properly handle PAN data. Our team of specialists can help your business to prepare for a full PCI/DSS assessment.

Our Risk Services:

GDPR Emergency Response

  • One of our most popular services, the Emergency Response gives you a place to turn when your GDPR preparations fall short, and you have to deal with your first significant data breach, customer SAR-related complaint or supervisory authority investigation. We provide a high-touch fast turnaround response to deal with your data protection crisis. Our team is experienced with handling privacy investigations, and can help to mitigate the most serious enforcement actions, if you follow our advice in a timely manner.

Risk Advisory

  • Our specialist risk team can help you with all manner of privacy risk management, including a general gap analysis, privacy impact assessments, and full-scale Data Protection Impact Assessments (DPIAs). Once risks are known, we can help you to plan mitigation and response protocols to minimize the impact and probability of the most critical risks to your business with a focus on data protection and privacy.

Our Training Services:

General Privacy Training

  • Second level training is available for larger audiences of employees who are not privacy specialists, but who need a foundation in understanding the important aspects of data protection and privacy.

ePR & other new laws

  • Keep up with the latest changes with our regular briefings on emerging changes to the privacy and data protection landscape.

How do I get in touch to discuss this?

For more information on how we can help solve your particular data privacy challenges or enhance your existing programmes, call us on +44 203 934 1099 or or email

Related materials: