GDPR

Policy Development Privacy Notices & GDPR Documentation

Expert development of all GDPR-required documentation — data protection policies, privacy notices for customers, employees and website visitors, data retention schedules, breach procedures, processor agreements and consent mechanisms. Bespoke to your organisation, not generic templates.

Bespoke: Tailored to your processing
All: Required policies covered
Compliant: ICO-ready documentation
Review: Annual update programme
GDPR Documentation

Getting Your GDPR Documentation Right

A workplace risk assessment is a systematic examination of your work activities, premises and processes to identify what could cause harm to people — and whether you're doing enough to prevent it. Under the Management of Health and Safety at Work Regulations 1999 (MHSWR), every employer must carry out a suitable and sufficient assessment of the risks to the health and safety of their employees and anyone else who may be affected by their work activities.

If you have five or more employees, the significant findings of your risk assessment must be recorded in writing. But regardless of your size, risk assessment is the foundation of every health and safety management system — without it, you're managing safety blind.

RADCaT's qualified health and safety consultants carry out thorough, practical workplace risk assessments for businesses of every size and sector across the UK. We don't produce generic templates — we visit your premises, walk your processes, talk to your team and produce site-specific, task-specific assessments that genuinely reflect your operations and give you a clear, prioritised action plan for improvement.

Whether you need a general workplace risk assessment for your office, a task-specific assessment for high-risk activities in a factory, a site-wide review for a multi-building campus, or a pre-project risk assessment for a construction site — RADCaT delivers expert, HSE-compliant assessments tailored to your industry and your operations.

Generic templates don't demonstrate accountability. If your privacy notice doesn't match your actual processing, it's misleading — and misleading privacy information is a breach of Article 13/14. RADCaT writes policies that reflect reality.

Policy Development from RADCaT
Types of Risk Assessment

Documentation We Develop

Every document you need for UK GDPR compliance.

Data Protection Policy

Your overarching data protection policy covering principles, responsibilities, processing rules, security standards, breach procedures and individual rights. Tailored to your organisation.

Privacy Notices

Transparent privacy notices for every audience — customers/clients, employees, job applicants, website visitors, pupils/parents, patients, donors. Covering all Article 13/14 requirements.

Cookie & Website Policies

Cookie consent mechanisms, cookie policies and website privacy notices compliant with UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

Retention Schedules

Data retention schedules specifying how long you keep each type of personal data and the lawful basis for retention. Sector-specific schedules for schools (IRMS), healthcare and regulated industries.

Processor Agreements

Data processor agreements (Article 28) for every third party processing personal data on your behalf — payroll, cloud services, CRM, email marketing, IT support and outsourced functions.

Breach Procedures

Data breach detection, assessment, notification and recording procedures. 72-hour ICO notification templates. Individual notification templates. Post-breach review process.

Consent Mechanisms

GDPR-compliant consent collection for marketing, cookies, photography, research and any processing relying on consent as lawful basis. Granular, specific, informed and freely given.

Rights Procedures

Procedures for handling individual rights requests — access, rectification, erasure, restriction, portability, objection and automated decision-making. Timescales, exemptions and response templates.

Our Process

How We Carry Out a Risk Assessment

1. Processing Audit

We understand your actual data processing — what data, whose, why, how, where, who has access and how long you keep it. This drives every document we produce.

2. Documentation Plan

We identify every document you need based on your processing activities, sector requirements and organisational structure.

3. Drafting

We draft all documents — policies, notices, procedures, agreements and templates. Written in clear language, specific to your organisation, professionally formatted.

4. Review & Approval

Draft documents reviewed with you, adjusted for any operational considerations, approved by management and formatted for publication.

5. Annual Updates

Scheduled annual review of all documentation to reflect changes in processing, technology, regulations and organisational structure.

Common Questions

Policy Development FAQ

What GDPR documents do I need?

At minimum: a data protection policy, privacy notices for every audience whose data you process, a data retention schedule, breach notification procedure, SAR procedure, ROPA and processor agreements for all third parties. Additional documents depend on your specific processing activities.

Can I use template policies?

Templates are a starting point but rarely sufficient. Your documentation must reflect your actual processing activities, your specific data flows and your organisational arrangements. Generic templates that don't match your reality fail to demonstrate accountability and can be misleading.

How often should policies be reviewed?

At least annually and whenever there are significant changes to your processing activities, systems, third-party arrangements or relevant legislation. RADCaT provides annual review services for retained clients.

Do you write privacy notices for websites?

Yes. We draft website privacy notices, cookie policies and cookie consent mechanisms compliant with UK GDPR and PECR. We also assess your website's data collection practices to ensure your notices accurately reflect what you actually do.

What are processor agreements?

Processor agreements are contracts required under Article 28 between a data controller and any third party that processes personal data on their behalf. They must specify the subject matter, duration, nature and purpose of processing, data types, categories of individuals and the processor's obligations. They are required for payroll providers, cloud services, IT support, marketing platforms and any outsourced function handling personal data.

Do schools need specific documentation?

Yes. Schools need sector-specific privacy notices for parents, pupils and staff, retention schedules aligned with the IRMS toolkit, data sharing agreements with local authorities, safeguarding data procedures and specific policies for CCTV, biometrics and photography.

How much does policy development cost?

The cost is based on the number of documents needed and complexity. Complete documentation packages offer better value than individual documents. Contact us for a quote based on your specific requirements.

Need GDPR Documentation?

Get in touch for a free discussion about your documentation needs.