General Data Protection Regulation

GDPR will come into effect on 25 May 2018, there is now less than a year to go to achieve compliance.

We can help you to prepare.

Our services

NCC Group offer a number of GDPR and privacy services. Our privacy services cover all elements of the lifecycle.


GDPR awareness – workshops of variable length covering the key changes coming with GDPR. Delivered to all key stakeholders across the business, including marketing, IT, HR, finance, security, operations, etc.

Request more info


GDPR training – one-day foundation level course which focuses on helping you and your organisation better prepare for GDPR and demonstrate compliance. As well as our public courses we can provide an in-house course for your organisation.

Request more info


Data mapping – identifies the personal data that is collected, created, received, processed, stored and shared by an organisation. Provides a view of how that personal data moves around the various internal/external processes/applications/systems.

Request more info


GDPR health check – assesses an organisation against the requirements of GDPR through a combination of document review, workshops and interviews with key stakeholders. Output provides detailed findings and actionable recommendations.

Request more info


Strategy & remediation – tailored support to privacy programmes, including providing external, independent representation on privacy steering groups. We offer a GDPR policy and procedure set that we can bespoke for clients.

Request more info


Data Protection as a Service – GDPR allows for the outsourcing of data protection, including the Data Protection Officer. We can provide services such as Privacy Risk Screening, Data Protection Impact Assessments, GDPR remediation and M&A-related activities.

Request more info

NCC Group is skilled at operationalising the GDPR, balancing sufficient and perfect privacy to make it work for your business.

Related Information

GDPR Compliance audit for cloud

Cloud service providers that process personal data will face significant scrutiny during this coming year, given that their customers are potentially liable for any breach of the regulation.

Not only do you need to be fully aware of the cloud services being used within your organisation, but you also need to understand the services your employees are using too.

Personal data is often found in emails and unstructured content such as documents that are stored in cloud services and not monitored by IT departments.

Ahead of GDPR coming into force in 2018, companies must implement measures to give them visibility of these cloud services and bring them under their control, to ensure compliance.