Regulatory Services


The General Data Protection Regulation (GDPR) came into force in the UK in May 2018. In a OnePoll Survey carried out at the end of 2018, of 1000 small businesses:

  • Over half revealed they don’t dispose of paper customer records securely and confidentially.
  • 71% do not dispose of staff data securely;
  • 86% do not dispose of visitor security books securely;
  • 25% did not appreciate that the loss of paperwork amounted to a data breach;
  • 60% were unaware that the Information Commissioner’s Office (ICO) must be notified of a breach which affected an individual’s rights

The GDPR imposes significant obligations upon all businesses to be compliant; to have policies in place; to ensure that personal data is protected and is held and processed in a lawful manner; to determine the lawful basis for processing under the GDPR and, fundamentally, to provide this information to individuals.

The Information Commissioner reported a 160% increase in complaints over the summer of 2018 and whistle blowers reporting data breaches tripled.

The general consensus is that GDPR will only gather momentum. Businesses can be fined up to 20 million euros or 4% of their annual net turnover. Individuals can also take their own, or class actions, for damages.

If your business has taken action to address its GDPR obligations then the ICO may adopt a more pragmatic approach to any complaint or breach.

Following audit and implementation, BOX GDPR Protect offers three different packages to support your business.

Initial Audit and Implementation

To ensure compliance, we provide an audit whereby we review your business through completion of our questionnaire, assess the data you hold, and then provide our recommendations by way of a detailed report. We then prepare bespoke policies tailored to meet your business’ specific requirements. These are  likely to include the following but also any additional policies to meet your business’ needs:

  • Data Protection Policy
  • Privacy Notice
  • HR Policy and Employee Privacy Notice
  • Breach Policy
  • Access to Data Policy
  • Recruitment Policy
  • CCTV Policy

Price from £2,500 plus VAT.

Our Data Protection Support Packages

GDPR compliance does not end after the audit and document stage. Businesses have an ongoing obligation to ensure compliance on a day to day basis, to deal with data subjects rights, ensure security and deal with any likely or actual breach. You must also undertake impact assessments whenever there is or could be an impact on data subjects’ rights or security and include provision for implementation of data protection by design or by default.

Following completion of the Initial Audit and Implementation stage, we offer three different packages.

Each includes ongoing updates we believe you may require for your policies as they arise during the period at no additional cost.

In addition, each has the option for you to take Data Protection Insurance Cover from Arag Plc which provides cover for your legal costs up to £250,000 for payment of a one off annual premium which is dependent upon the size of your business.

Compliance Package

12 months’ support for up to 10 hours from a dedicated member of our team for a one off fee starting from £2000 plus VAT.*

It includes:

  • General guidance and assistance with the GDPR for ongoing compliance
  • Assistance with access requests and other data subjects’ rights
  • Assistance and guidance to address any security breaches

Control Package

12 months’ support for up to 15 hours from a dedicated member of our team for a one off fee starting from £3000 plus VAT.*

In addition to the cover provided by the Compliance package, this covers a provision for us to be your virtual Data Compliance Manager :

  • Guidance with Impact assessments
  • Assisting with implementation of compliance by design where required
  • Addressing and guidance with any investigation undertaken by the Information Commissioner’s Office

Comprehensive Package

Comprehensive includes the same service as the Control package plus training for up to 100 staff at either two or three training sessions for one hour duration on either the GDPR generally or your internal policies for payment of a one-off fee starting from £4000 plus VAT.

Alternatively, we are happy to help you in any way. Work can be undertaken either at our standard hourly rates or we may be able to agree other forms of fixed fees with you.


Get in touch

For more details, please contact Nick Worsnop on
0113 2258811 or

Get in touch
Fields marked with an * are required