GDPR Compliance

“Data Protection is changing”

The General Data Protection Regulations (GDPR) will apply in the UK from 25th May 2018. The UK’s decision to leave the EU will not affect this and therefore it makes sense to prepare for the new regime.

The GDPR applies to ‘personal data’ and makes it clear that information such as an online identifier – e.g. an IP address – can be personal data. The more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.

The GDPR cover ‘data controllers’ and ‘data processors’. A data controller says how and why personal data is processed and a data processor acts on the controller’s behalf.

If you are currently subject to the Data Protection Act, it is likely that you will also be subject to the GDPR. The new accountability principle states explicitly that it is your responsibility to demonstrate that you comply.

If you are currently a data processor, the GDPR will place new specific legal obligations on you and you will have significantly more legal liability if you are responsible for a breach.

Subscription Services

Knowledge Overview

Business owners and senior people do not have time to keep up to date with developments in data protection best practice. We offer regular information on:

  • The latest Data Protection practices
  • Changes in the law and consultations
  • ICO conferences and events
  • ICO enforcement action

Price £10/month with 3 months minimum subscription.

Frequently Asked Questions

Questions pop up from time to time and it’s not always easy to find an answer. We can give access to a knowledge base with the answers to frequently asked questions about data protection issues.

Price £10/month with 3 months minimum subscription.


Access to an online portal providing the following:

  • Induction training for new members of the team
  • Update training (as required) for all team members
  • Yearly competence assessment in Data Protection and Information Security

There is an annual subscription of £30 for up to £10 users, each additional user is £2. For each use of a course there is a charge from £5 depending on the content. The portal can be made bespoke to the business if required in which case the annual subscription is £80 for up to 40 users.

Primary Point of Contact

Act as the main route for contacts using pre-agreed processes:

  • Supervisory Authority
  • Subject Access Requests (SAR)

Subscription £50 per annum. £10 per SAR and Supervisory Authority requests at cost.


Data Protection Policy

A policy will help you address data protection in a consistent manner. This can be a standalone policy statement or part of a general staff policy. The policy should clearly set out your organisation’s approach to data protection together with responsibilities for implementing the policy and monitoring compliance. The policy should be approved by management, published and communicated to all staff.

We will provide a free, no obligation quote for producing this document.

Privacy Notice

Being transparent and providing accessible information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy notice.

We will provide a free, no obligation quote for producing this document.

Website Data Protection

We will provide a bespoke ‘Privacy Notice’ and set of ‘Terms of Use’ for a website, for £140.

Consultancy Services


Sometimes there is a question that cannot be resolved easily. We can provide an email helpline providing direct answers to business specific queries and questions on data protection matters.

Price, you have to be a subscriber to one of our subscription services and then at cost.

Manage Data Protection Activities

For example:

  • Carry out/advise on Privacy Impact Assessments
  • Carry out Internal Audits on procedures
  • Bespoke policy and, or process development (and implementation)
  • Penetration testing for websites and networks.

Price on application.

Please get in touch to get the ball rolling.

Crimson Crabs wave for ethical, legal and responsible trading, telephone 02392637190, email or click here to contact us