GDPR - The easy way to  become compliant!

General data Protection Regulator (GDPR) applies to all controllers and processors of personal data to which, all businesses MUST comply. Compliance came into effect on 25th May 2018. If your are a processor, the GDPR places a specific legal obligation upon you and significantly higher legal liability for any data breach .

How can Thrive2Distinction help?

With over 30 years in commercial Information Technology and Data Services Consultancy, we offer a full practitioner service. We have three packages on offer:

How will GDPR affect you and your business?

The government are taking a no nonsense approach to the data protection and this includes the law society. So why should any other business be any different? The 1998 DPA Act has been omissing new technologies from its compliance laws. Now, with social media, online services, USB and external storage devices, phones and a vast exchange of personal data in most transactions, all businesses, including legal firms must protect customers and suppliers data at all times. As a result GDPR has been created.

Personal Data:
The definition of personal data includes information as specific as an online identifier, such as an IP address. Not just a date of birth. GDPR relates to HR records, contact details, customer and supplier lists and email addresses used in marketing campaigns. As businesses scan Passports, driving licences and utility bills to prove identities, data must be stored securely, and backed up.


Sensitive Personal Data:
GDPR relates to sensitive personal data for example: These include genetic data, and biometric data used to uniquely identify an individual. You may not think this matters to you, but how many of you open your smart phone with a thumb print?



Be under no illusion, GDPR enforces compliancy to protect the consumer and the fines for data breaches are extremely high:

Fine Levels:

  • Up to 10 million Euros, or 2% of the worldwide annual revenue for the previous financial year, which ever is greater.

  • Up to 20 million Euros, or 4% of the worldwide annual revenue of the previous financial year, which ever is greater.

Option 1 - Small Business Pack

This package includes the following templates which are full tailor-able to your business:

  • Privacy Notice

  • Cookies Policy

  • Email Disclaimer

  • Information Security Policy

  • Information Management Policy

  • Email and Internet Usage Policy

  • Social Media Management Policy

  • Bring Your Own Device Policy

  • Data Processing Agreements

All templates are supplied in fully editable Word (.docx) format.

£ 350.00

Option 2 - GDPR Tool Kit - DIY

This package includes the full requirements for your business in an editable tool kit.:

  • GDPR Policies and Procedures

    • Documents 1.0 to ​4.11

  • Management System Standard Documents

    • Documents 5.2 to ​16.1.2

This Tool Kit, includes management documents to meet ISO certification. Along with Project Tools, Quick start guide and instructions.

The tool kit includes, a set of ring binders and organisation tabs and with instruction, you are able to complete yourself with training.

£ 650.00

This package fullfils  the requirements for GDPR, by a qualified Practitioner:

  • GDPR Policies and Procedures

    • Documents 1.0 to ​4.11

  • Management System Standard Documents

    • Documents 5.2 to ​16.1.2

This Tool Kit, includes 75 management documents to meet ISO certification. Along with Project Tools, Quick start guide and instructions.

The practitioner completes your documentation and the whole process, including staff training.

Prices start from £1,750.00 depending on the size of the business.

Option 3 - Full Practioner Service

Call for your bespoke package

If you are larger business with sensitive personal data, it is advisable to employ a qualified individual working in your best interest to ensure you are working legally, and not being ‘bullied’ into illegal acts by a client. Some organisations are employing data Protection Officers in excess of £40,000 and as high as £100,000 per annum. This service can save a great deal of financial resource, whilst keeping your business compliant and in control of its data requests.

In the case of a ‘Subject Access Request’ you will need to use the correct legal procedure and this may involve liaison with the ICO themselves. Staff may find themselves in a position of uncertainty where GDPR is concerned which is where we are happy to accept, Calls and Emails with queries, as they arise. Thrive2Distinction take away the pain and anxiety by acting as your GDPR - DPO qualified representative.

The following services are included in this package:

  • Standard GDPR Questions, Help and Advice Contact:

  • Subject Access Request processing

  • Direct liaison to the ICO on your behalf throughout the annual term

  • Three annual review meetings per year taking care of your process and procedures

  • Technical Liaison between your business and your I.T. Provider

  • One complete GDPR audit per annual term

  • Maintenance of your data breach register to reduce impact and potential fines

  • All reviews assessed under strict confidence and confirmed by a professional legal team

Data Protection Office - Business GDPR Advisor Service

Cost Example: 60 hours per year would cost - £7,800, Per Annum - Contact us on 01702 480281 for your bespoke service

Get in touch for your free GDPR assessment. I will provide you with a full compliance report.