GDPR Auditing, training and consulting

GDPR Auditing is a specialist consultancy, focussing on everything GDPR. Because we specialise in GDPR we can help with all aspects, including IT Systems and Security, Secure Development, Contracts, Policies and Procedures, Documentation, Templates, Toolkits, Training, and consultancy.

GDPR Auditing Launch DPO Training Course – Including GDPR Toolkit.

A unique training package aimed anyone responsible for GDPR including DPO’s. One-to-One or Classroom based and includes our highly rated GDPR toolkit

DPO Training

Our Services

  • Small Business GDPR Audit
  • Full GDPR Audit
  • Toolkit and Template Solutions
  • Training
  • GDPR Management Solutions
  • IT Security Audit based on PCI DSS 3.2 and ISO 27001 standards
  • Audit, Check and Verify and Second Opinion

Small Business GDPR Audit

We recognise that some organisations have a very small personal data footprint, minimal IT and few employees.

If this is you may qualify for a ‘light’ audit.

What you get (typically)

  • Auditor, 1 day onsite
  • Full report on where your gaps are including a full set of recommendations to enable you to build a prioritised remediation plan.
  • Coverage for all parts of your organisation that might touch personal data

How does it differ from a full audit?

From our experience we already have a good idea about where smaller organisations are going to be deficient and we focus on clarifying those areas.

See our GDPR Audit page for more details.

Full GDPR Audit

If your business is a bit more complicated you are more likely to benefit from a full audit.

What you get

  • Auditor, 2-3 days onsite
  • Full report on where your gaps are including a full set of recommendations to enable you to build a prioritised remediation plan
  • Coverage for all parts of your organisation that might touch personal data

During the full audit we interview all business area representatives and ask all the searching questions to get to all the details we need to provide an in-depth and comprehensive drains up report.

See our GDPR Audit page for more details.

Toolkit and Template Solutions

With feedback from our clients we created a GDPR Toolkit, Guides and Templates to help them produce the documentation required for GDPR, track accountability, create privacy notices etc.

Many of our clients purchase the toolkit for use after an audit to manage their GDPR program, and into Business as Usual.

You can now buy this solution without having had an audit toolkit.

Our toolkit has sold hundreds copies since it launched in February 2018, Visit our GDPR Toolkit Page to see what some of our clients have been saying, or talk to us about why our solution is more than just a bundle of word documents copied from the GDPR.


Different courses to suit all needs, delivered on premise by our knowledgable consultants.

  • GDPR Awareness
  • GDPR Awareness including IT Security
  • IT Security
  • Incident management and Breach Reporting

GDPR Management Solutions

For larger organisations we offer a GDPR Management solution based on the Cherwell ITSM platform, through our partner Thebes Group, under the ThebesGDPRAuditing brand.

IT Security Audit

One area not covered by most other organisations offering GDPR audits and consultancy is IT and IT Security.

Because GDPR Auditing consultants come from strong IT / IT Security / Compliance backgrounds we can undertake a full IT audit for you. So, if you have had an audit and are still concerned about the IT then talk to us, we can fill in those gaps.

Not only can we fully audit your IT we can help you fix anything we find – if required.

Our IT Security audits are based on industry standard certifications – PCI DSS 3.2 and ISO 27001 – these are the gold standard for IT systems and security.

Audit, Check and Verify and Second Opinion

Part way through a GDPR program or even finished it?

Our Quality Assurance service is for organisations who are already part way through their GDPR program or have finished and wish to have it independently reviewed.

This service looks inside your inflight projects and advises on whether the outcome will deliver what you need.

The review tests your application of the processes and controls to verify they are working correctly.

When combined with our GDPR audit service it means we can provide help wherever you are in the GDPR lifecycle.

Ask yourself this:

  • Does my subject access request process work in the real world?
  • Have we practiced incident management?
  • Do I know how to report a breach?
  • Are all of my IT systems secure?
  • Have all my staff bee trained?

If you can’t answer yes to all the above you may need some help putting GDPR into practice.


Contact us for more information. You will be under no obligation and if we can’t help or you don’t want us to, then you can walk away.

Follow us