
GDPR & Data Protection

Navigate UK GDPR and data protection legislation with confidence. Expert consultancy, external DPO services, privacy impact assessments, policy development and staff training for schools, academies, businesses and charities across the UK.

Data Protection

Expert GDPR Compliance for Schools, Businesses & Charities

The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 place significant obligations on every organisation that collects, stores, processes or shares personal data. Non-compliance can result in enforcement action from the Information Commissioner's Office (ICO), fines of up to £17.5 million or 4% of annual turnover, reputational damage and loss of public trust.

RADCaT's data protection consultancy helps organisations of all sizes — from primary schools and multi-academy trusts to SMEs, charities and national businesses — understand their obligations, implement compliant processes and maintain ongoing compliance with confidence. We cut through the complexity and deliver practical, proportionate solutions that work in the real world.

Whether you need an external Data Protection Officer (DPO), support responding to a subject access request (SAR), a complete data protection audit, or bespoke GDPR awareness training for your staff, our qualified data protection practitioners deliver expert guidance tailored to your sector, your data processing activities and your budget.

Specialist DPO services for schools — We act as the external Data Protection Officer for schools and academies across the North West and beyond, providing cost-effective compliance at a fraction of the cost of an in-house appointment.

What's Included

Our GDPR & Data Protection Services

Comprehensive data protection support from audit through to ongoing DPO services.

External DPO Services

Appointment as your external Data Protection Officer — monitoring compliance, advising on data protection impact assessments, handling ICO correspondence, managing subject access requests and acting as your point of contact for all data protection matters.


GDPR Compliance Audits

Thorough assessment of your current data protection practices against UK GDPR requirements. Identifies compliance gaps, reviews data processing activities, assesses each lawful basis, and provides a prioritised action plan with practical recommendations.


Privacy Impact Assessments

Data Protection Impact Assessments (DPIAs) for new projects, systems, processes or technologies that involve high-risk processing of personal data. A legal requirement under Article 35 of UK GDPR before commencing certain types of processing.


Policy Development

Drafting and review of privacy notices, data protection policies, data retention schedules, data sharing agreements, processor contracts, cookie policies and records of processing activities (ROPA) — all tailored to your organisation and sector.


Data Breach Response

Data breach response planning, breach assessment, ICO notification support and post-breach remediation. We help you establish procedures to detect, report and investigate personal data breaches within the 72-hour notification window.


Subject Access Requests

Expert support managing subject access requests (SARs), freedom of information requests and data subject rights including the right to erasure, rectification, restriction and portability. We ensure you respond compliantly within statutory timescales.


GDPR Awareness Training

Bespoke data protection training for your staff covering UK GDPR principles, data handling responsibilities, recognising and reporting breaches, subject access requests and individual accountability. Delivered at our Wigan centre or on-site.


Schools & Academy DPO

Specialist external DPO services for primary schools, secondary schools, academies and multi-academy trusts. Includes compliance monitoring, DPIA advice, parental consent management, safeguarding data guidance and annual compliance reports for governors.

Industries We Support

Who Needs Data Protection Support?

Every organisation that handles personal data has GDPR obligations — we tailor our support to your sector.

How We Work

Our GDPR Compliance Process

A structured approach to achieving and maintaining data protection compliance.

1. Data Protection Audit

We review your current data processing activities, privacy notices, policies, consent mechanisms, data sharing arrangements and technical security measures against UK GDPR requirements.

2. Gap Analysis & Roadmap

A detailed compliance report identifying gaps, risk levels and a prioritised roadmap with practical steps to achieve full UK GDPR compliance — no jargon, just clear actions.

3. Policy & Documentation

We draft or update all required data protection documentation — privacy notices, retention schedules, ROPA, data sharing agreements, processor contracts, breach procedures and consent forms.

4. Staff Training

Bespoke GDPR awareness training for your team covering their responsibilities, data handling procedures, breach recognition and reporting, and the rights of data subjects.

5. Ongoing DPO Support

Retained DPO services including compliance monitoring, DPIA advice, SAR management, breach response support, legislative updates and annual compliance reviews — your outsourced data protection department.

Common Questions

GDPR & Data Protection FAQ

Does my business need a Data Protection Officer?

Under UK GDPR, you must appoint a DPO if you are a public authority or body, if your core activities involve regular and systematic monitoring of individuals on a large scale, or if your core activities involve large-scale processing of special category data. Schools, academies, NHS trusts and local authorities all require a DPO. Even if not legally required, appointing an external DPO is good practice and demonstrates accountability. RADCaT provides cost-effective external DPO services.

Can you act as our school's Data Protection Officer?

Yes. We provide specialist external DPO services for primary schools, secondary schools, academies and multi-academy trusts across the UK. This includes compliance monitoring, DPIA guidance, subject access request handling, parental consent management, safeguarding data advice, staff training, policy reviews and annual compliance reports for governors. It's significantly more cost-effective than an internal appointment.

What is a Data Protection Impact Assessment (DPIA)?

A DPIA is a process to identify and minimise data protection risks of a project, system or process. Under Article 35 of UK GDPR, a DPIA is mandatory before any processing that is likely to result in a high risk to individuals' rights and freedoms. This includes systematic profiling, large-scale processing of special category data, and public monitoring. RADCaT can conduct DPIAs on your behalf or guide your team through the process.

What happens if we have a data breach?

Under UK GDPR, a personal data breach that poses a risk to individuals must be reported to the ICO within 72 hours. If the breach is likely to result in a high risk to individuals, you must also notify those affected without undue delay. RADCaT helps you establish breach detection and response procedures, assess breaches when they occur, prepare ICO notifications, and implement remediation measures to prevent recurrence.

How do I respond to a subject access request?

Under UK GDPR, individuals have the right to request a copy of their personal data. You must respond within one calendar month, free of charge. This involves searching all systems, applying exemptions where appropriate (e.g. third-party data, legal privilege), and providing the data in an accessible format. RADCaT manages the entire SAR process on your behalf, ensuring compliant and timely responses.

Do you provide GDPR training for staff?

Yes. We deliver bespoke GDPR and data protection awareness training covering the principles of UK GDPR, lawful bases for processing, individual rights, breach recognition and reporting, data handling best practices and staff responsibilities. Training can be delivered at our Wigan training centre, on-site at your premises or via e-learning. We recommend annual refresher training for all staff who handle personal data.

How much do your GDPR services cost?

Costs depend on the scope of services required, the size of your organisation and the complexity of your data processing activities. External DPO services are available on competitive annual retainers. One-off projects such as compliance audits and DPIAs are quoted individually. Contact us for a free initial consultation and we'll provide a tailored proposal based on your specific requirements.

Need GDPR & Data Protection Support?

Get in touch for a free, no-obligation consultation. We'll assess your data protection compliance and recommend the right level of support.