Contact us: 07905 791340

We help businesses like yours become compliant with the GDPR regulations.

It’s a very simple three stage process:

If you are a business starting from the beginning or have come some of the way but given up:

  1. We provide an Audit and gap analysis of your current level of GDPR compliance.
  2. We interview key people within your business who handle data and IT systems to gauge what you already have in place.
  3. We provide a gap analysis report along with a project plan showing what changes need to take place. This is your compliance journey mapped to your business.

All this for just £1500 plus VAT

This allows you the option to do as much or as little as you want, using me just for the audit or for writing policies and training as you require, at additional cost.

Audit your level of compliance from just £1500

Start Conversation

Some of the businesses we’ve helped:


Simon helped train all our staff from the headmaster to the support workers in the essentials of GDPR, a great help.


It’s essential a business like ours is compliant with the regulation as our customers expect it from day one. PMA helped us become compliant which meant we could pitch for further projects and attract more customers.


I didn’t think we had any data but PMA explained staff data is included within the GDPR parameters. Help with our security and policies was provided helping us on the road to compliance.


We were having conversations with the ICO about complaints and possible breaches, we bought Simon in as our DPO and he helped resolve the customer issues and liaised with the ICO to ensure no fines were administered on us.



As MD of my business I was spending too much time working through GDPR without moving forward much, PMA were able to pick up the reigns and move us forward to a good level of compliance within the business.


FREE Consultation

When you have contacted us you will be asked a few simple questions which will help us understand the kind of help you need and even a rough idea of costs and timings.

Following this phonecall a site visit is sometimes called for and after this meeting a full proposal is provided with more accurate costs and timings.

The right level of support for your business

Begin by defining where you are currently, identify the gaps and agree on an action plan. It’s as simple as that. Not everyone will start at the same point which is why PMA offer different levels of GDPR support. You just need to find the one that works for you.

GDPR Level 1 – Full compliance


  • Data mapping of sources within a business
  • Evaluate level of compliance with ICO self-assessment guidance
  • Gap analysis produced with a detailed action plan
  • Provide advice on the impact of PECR and website Cookies
  • Deliver documentation to support policies and business processes

GDPR Level 2 – Post-GDPR compliance


  • Review the current level of compliance with GDPR
  • Test internal process e.g. SAR, data breaches, privacy policies and Cookies
  • Provide a rating, gap analysis and an action plan
  • Provide advice on the impact of Brexit

GDPR Level 3 – Provision of a DPO service (inside the EU)


  • Check the level of compliance within the business
  • Liaise with ICO on queries and complaints received
  • Answer data protection queries
  • Build and run SAR (subject access request) processes

GDPR Level 4 – Working with an internal DPO


  • Support delivery of training to staff
  • Identify non-compliant areas
  • Work with the ICO to answer any queries

GDPR Level 5 – Ad hoc data protection support and guidance


  • Access to up to date information on the regulations within the UK, EU and Rest of the World
  • Advice and guidance provided via telephone/Zoom/email
  • Support for Data Protection Impact Assessments (DPIA)
  • Bespoke Training for internal teams – marketing, HR, call centres, fundraising

If you have a specific need, there are several additional services you can access.


  • Write Policy documents in several different languages
  • Guidance on lawful reasons for data processing
  • Deliver bespoke training by teams e.g. marketing, call centres, directors
  • Write Privacy Statements
  • Provide advice on PECR and Cookies
  • Write Consent statements for marketing purposes
  • Regular updates and information on data protection developments
  • Recommend security IT and encryption tools
The goal is to manage your data within the GDPR framework. Your staff must understand what is expected of them and your customers should feel they are being treated fairly.

Get in touch with Simon today to find out more.

Frequently asked questions…

What is a data breach?

This is the term used when you lose your data. It can happen because of human error or by malicious intent. You need to ensure you are at least prepared for this event. This will involve a plan for the management of a data breach within your business including liaison with the ICO and other stakeholders impacted by the data breach.

The GDPR states you must advise the ICO within 72 hours of any data breach where personal data has been compromised. It’s important to manage the interaction with the ICO to ensure you are seen in a positive light. If you have shareholders supporting your business, they must be considered when you go public with the news.

Why do you need training for GDPR?

The ICO recognises training as an important element of accountability and compliance with GDPR. Experience has shown the human element of any organisation is the weakest link in losing data or clicking onto a phishing email link.

It’s important to provide training modules that are bespoke to the teams in your business. I answer the question most employees have which is “what do I need to do differently in my role under GDPR?”. These sessions can be delivered face to face or over Zoom.

How do I know if I need a DPO?

If you are processing a lot of data then you will need a DPO. Many businesses feel it is necessary to ensure they remain compliant and to deal effectively with any issues. This doesn’t have to be a full-time role and can be done virtually or on a part-time basis.

Your DPO would deal with the ICO directly, manage any data breaches, update policies, test processes train teams in the principles of GDPR. Many are expected to be the consumer champion to ensure personal data is not being used illegally.

You may have specific questions relating to your own experiences or a general query relating to data protection,

Get in touch with Simon today for the answer.

Want to explore more?

If you have a question or want to find out more about how we can help,
it would be great to hear from you.