GDPR Comprehensive: Audit, Policies & Training

GDPR Comprehensive: Audit, Policies & Training


Save £250 with our Comprehensive GDPR Pack!

Our Comprehensive GDPR Pack includes the following essential items for your business and technology:

  • Website or App Audit and Report

  • GDPR-compliant Privacy Policy

  • GDPR-compliant Cookie Policy

  • Privacy Standard / Data Protection Policy

  • Data Retention Policy

  • GDPR training Skype session for up to 5 attendees (90 minutes)

Each document can be bought individually by contacting us.

All prices on our site exclude VAT.

Scroll down to find out more.



Add to Cart


If you want to make sure that what you're showing to the world (your app or site) is compliant and you also want to get your most important internal policies in place, then this pack is for you.


We go through each user journey that your website or app visitors might go through and advise on what changes you need to make to comply with GDPR. One of the GDPR requirements is that you are transparent with your users about what you do with their personal data at the time of collection so we make sure that you have the right 'short-form' notices displayed at the right time.

Our recommendations come in the form of a comprehensive report that outlines areas of concern, recommendations and suggestions on how to become GDPR-compliant.


If you have a website, then you're collecting personal data. IP addresses which are collected about the people that browse your site for example, are considered personal data under the EU General Data Protection Regulation (GDPR). You are also likely to be collecting other information about your visitors such as their name, email etc. By law, you must tell your users what you do with that information, why you need it and how you look after it.

If there's one thing you do for your business today, make it a tailored Privacy Policy. The personal data you collect will vary depending on the nature of your services, your processes and tools. The data you collect will then be processed in various locations depending on what third party services you use such as PayPal, Stripe, Mailchimp, Xero and so your policies must be tailored to your business, Copying from another website is a bad idea.


Personal Data does not only mean email addresses and names. It means any information relating to an identifiable natural person such as name, location information or online identifier. In other words, although you may not knowingly be collecting personal data, your website still is. In order to provide your users with access to your pages, images and files, your website needs to collect IP addresses as a minimum.


This is different to your privacy notice as it is not displayed on your website or anywhere else. It is instead an internal document that all companies should have which describes the way your organisation collects, manages, stores and uses the personal data it collects and what measures it has in place to ensure adherence to the policy and security. This policy should be part of your employee handbook if you have employees, part of your contracts with your freelancers and annexed to any supplier contracts you might have.

It is now becoming the norm for business clients to ask prospective partners or suppliers to show them their Data Protection Policy before they enter into any agreement with them. It is strongly advised that you get this document created sooner rather than later as trying to get it in place after you're asked for it, risks losing you an important client.


This is another fundamental document which will outline what types of data you collect and how long you will keep it for. The GDPR says that you can't hold personal data forever but how long do you need it for? UK tax law says that when you have a contract with someone you should keep their data for up to 6 years. But what about personal data that you hold for other reasons such as someone tried to find out more about your service?

Again, larger clients may ask for this document before they enter into an agreement with you so it is advisable if you are working with bigger corporates that you get this document created before you are asked for it.


It is important to remember that the GDPR is not a black and white check list of obligations. It is a "risk-based "regulation. This means that it sets out the wider principles that it expects you to follow and then places legal accountability on you to make sure you understand what you need to do and that you are regularly assessing the risks associated with your activities to the ‘rights and freedoms’ of the people whose data they hold. The best way to achieve this is through training and don't worry about it being boring, our training sessions are fun, informative and interactive! The training will take place over teleconference.