2
What if I've never done any GDPR work before?
That's completely fine. Many of our clients come to us because they know data protection is important but aren't sure where to start. We can help you understand your responsibilities, identify any gaps and prioritise the most important actions.
3
How long does an audit take?
This depends on the size and complexity of your organisation. Most small organisations can complete the questionnaire within a couple of hours, and reports are typically delivered within two weeks of receiving the required information.
4
What's the difference between a remote audit and an on-site audit?
A remote audit is carried out using a questionnaire and document review and is often sufficient for smaller organisations.
An on-site audit includes a visit to your premises, allowing us to review physical arrangements, discuss processes in more detail and gain a better understanding of how your organisation operates.
5
Will you write our policies and other documents?
Yes. We can help draft or review privacy notices, data protection policies, data breach procedures, records of processing activities and other compliance documents. We aim to produce documents that are practical, proportionate and easy to maintain.
6
How much do your services cost?
Prices for our core services are published on the website, so you'll know exactly what to expect before making contact. For additional work, we'll always discuss the scope and cost with you before any work begins.
You'll receive a written report explaining our findings in plain English, together with a prioritised action plan. We'll also be happy to answer any questions and discuss how you would like to address any recommendations.
What happens after the audit?
7
No! The aim of an audit isn't to catch you out. Most organisations are already doing many things well. Our role is to identify areas for improvement, explain any risks and provide practical recommendations to help you move forward with confidence.
Will you tell us we're doing everything wrong?
8
Many organisations receive data protection advice from solicitors, accountants or IT providers as part of a wider service. We focus exclusively on data protection and information governance, providing specialist advice tailored to the needs of small organisations, charities and community groups.
Why should I choose a specialist data protection consultant?
9
Yes. All work is carried out personally by Liz Sydenham. From your initial enquiry through to the final report, you'll deal directly with the same qualified practitioner who understands your organisation and its requirements.
Will I be dealing with the same person throughout?
10
No. While we focus on the Three Counties and can offer on-site visits locally, remote services are available to organisations throughout the UK.
Do you only work in Worcestershire, Herefordshire and Gloucestershire?
11
Simply get in touch using the contact form or email us at hello@threecountiesdata.co.uk. We'll have an informal conversation about your organisation, your concerns and whether our services are the right fit for you.
How do I get started?
12
Many organisations do, but not all. The answer depends on the type of organisation you run and how you use personal information. If you're unsure, get in touch and we'll help you understand whether registration is required.
Do I need to register with the ICO?
1
Frequently Asked Questions
Here are answers to some of the queries we're most commonly asked. If you'd prefer to discuss your organisation's specific circumstances, please don't hesitate to get in touch.