Data Protection is about more than just the GDPR

When determining the potential impact that data protection could have on your organisation, it is important to remember that there is more to consider than just the GDPR.

iSTORM can help you to navigate and understand the additional regulations and supporting standards which are relevant to your business and can help you map out what your journey to compliance looks like.

We are firm believers in engaging on an operational level, working with marketing, data, finance and procurement, as well as traditional key stakeholders in compliance and legal.

An effective data protection compliance framework is a cultural and business issue, not just a compliance one.

For more information on how the GDPR can be tackled, check out our blog here

iSTORM services include:

  • GDPR/Data Protection gap analysis & maturity reviews
  • Auditing
  • GDPR framework implementation support
  • Outsourced Data Protection Officer services (DPO)
  • Data Protection Impact Assessments (Review & Completion)
  • Data Flow Mapping
  • Supplier Assurance Frameworks
  • Policy and procedure writing
  • Training & Awareness (online & face to face)

GDPR Audit & Assurance solutions

At iSTORM, our audit and assurance solutions are tailored to your business.

We can help you to understand what processing is being carried out, what personal data is involved and whether the processing is compliant with internal policies and the regulatory requirements of the GDPR, Data Protection Act and PECR (Privacy and Electronic Communications Regulations).

Marketing support (Electronic and Direct mail)

When dealing with electronic or digital marketing there is more to consider than just the GDPR.

If your business engages in electronic marketing activities then consideration also needs to be given to the  Privacy and Electronic Communications Regulation (PECR) as well as industry best practices.

iSTORM has a wealth of experience in dealing with the complexities of producing effective marketing campaigns and can help you create campaigns which meet your commercial desires, while ensuring you stay in line with the law.

GDPR Gap Analysis and maturity reviews

A Gap Analysis is a great way to identify key areas of risk in relation to GDPR and data protection compliance.

Our targeted gap analysis will focus on what’s important for your organisation with the output allowing us to determine what your compliance journey will look like, and how much further assistance you may require.

If you already have good data protection framework in place then our maturity reviews can give you reassurance that everything is still compliant.

Processes, systems and controls change over time, a maturity review allows your organisation to reflect on what is already in place and helps to identify key areas for remediation. 

iSTORM Outsourced DPO solution

iSTORM offers a fully managed outsourced DPO Solution which allows an organisation to meet their regulatory and commercial requirements without the need for a permanent in-house resource.

Our DPO Service is tailored to your business needs, with support starting from as little as 1 day per month.

Where we can help:

Provide an independent review of all data processing activities

Full accountability to senior management (attendance at meetings on request)

Annual data protection audit

Review of current and future data protection related policies and procedures

Assistance with the completion and scoring of Data Protection Impact Assessments

Assistance with the review and investigation of suspected and actual data breaches and incidents through to reporting to the regulator where required

Delivery of in-house training and awareness sessions (as per package options)

Review of marketing activities and data management to help ensure compliance with the Privacy and Electronic Communications Regulations (PECR)

Assistance with the preparation and completion of a Data Asset Inventory (record of processing)

Assistance with the review and management of Subject Access Requests (SAR)

Assistance with records retention and activities

For more information on how our specialist DPO team can support your organisation, contact us today.

“This subject doesn’t have to boring and it doesn’t have to be complicated. It can be the key to better customer relationships and increased levels of trust”

Richard Merrygold, Managing Consultant & Data Protection Officer –

Richard has a thorough understanding of and real passion for everything related to data privacy. His talent for enthusing others about the topic is unparalleled, and his ability to deliver on the projects he undertakes is impressive.

Emma Thomas

Group General Counsel, HomeServe plc





Privacy - Security - Penetration Testing : Your Trusted Advisory Service



Head Office
Elizabeth Court
Church Street
Stratford Upon Avon
CV37 6HX

Tel: +44 (0)1789 608708


Company Registration Number

Company VAT Number
297 9625 30