GDPR Compliance

Are you sure you’re doing all you should with data protection?

You may receive complaints if people think you aren’t handling their personal information correctly. And they are not afraid to exercise their rights under GDPR,. This could cost you considerable time and money, and loss of reputation. Plus the ICO can fine companies up to £17.5m or 4% of their gross worldwide turnover (whichever is larger), meaning that the penalties for not complying with GDPR could be huge.

GDPR can feel overwhelming, as it is full of technical jargon. Besides, which GDPR compliance company do you choose to help you?.

Morgan Armstrong believes that GDPR is actually very simple. It’s a framework for handling personal information correctly so, if you follow it, then you protect yourself and your clients.

We will never tell you that you need to do something to comply with GDPR if you don’t need to. And we will always speak about it using plain English.

Having always been conscious of GDPR as we handle lots of personal data, we were very lucky to be introduced to Sarah who has provided us with such a comprehensive and in depth review of our processes. There were a number of areas to improve, despite believing we were fully compliant, which demonstrated just how complicated this legislation is. We remain proud to be a very compliant and data conscious business, and now we have Sarah on hand to work with us as the legislation develops. I really do recommend her services for the benefit of your business and that extra protection for those clients you work with.

Victoria Hicks, Group Director, The City & Capital Group Limited

Website compliance service

FREE initial telephone consultation.

Stage 1: An analysis of your website Highlighting GDPR compliance and areas for work in Stage 2.

Stage 2: If you appoint us to carry out the work identified from Stage 1. We will produce it in such a way that your web developer can implement the changes quickly and effectively.

Analysis of specific business areas

Our GDPR specialists can work with you to focus on a single part of your business as follows:

  • Privacy policy: this is an internal document that tells your employees how to be GDPR compliant. We can check your current policy and provide a re-write if necessary, or write it from scratch.
  • Data audit: provide a full audit of all the personal data your business handles. Or we can focus on a specific part of your business, such as your marketing, or customer database/CRM?
  • Employee data: audit how you use personal data provided by your employees, and compile declarations, an employee privacy notice, etc.
  • Subject Access Request: we can help you manage a Subject Access Request, which could save you time and money.
  • External Data Protection Officer: if you would like a DPO, but don’t have the budget, why not use Morgan Armstrong to provide this service?


We can provide relevant and accessible training for staff and managers, covering general GDPR issues or focussing on a specific area for you.

If you would like to speak with one of our qualified GDPR specialists, please upload your details using the contact us page.