“GRCI Law provided a thorough gap analysis to help our company achieve GDPR compliance before launching an IoT product in Europe. They were thorough when researching questions we had about data privacy and how to categorise the various pieces of data we collect through our app and IoT device. They also provided DPO services and helped us prepare for Brexit, and we feel prepared for the year to come.” - Business Systems Manager, IoT company
This all-encompassing service fulfils your DPO responsibilities under Articles 38 and 39 of the GDPR and includes an experienced and dedicated DPO as your single point of contact. Your DPO will also be independent with no conflict of interest with other business services.
We only advise on data protection, privacy, and cyber and information security, which means our team has sector-specific knowledge and experience, and visibility of the latest trends, best practice, developments and challenges.
Our clients view us as part of their teams and we are known for our pragmatic, commercial advice. We won’t just identify an issue or advise on the law, we provide you with a practical solution to suit your specific needs.
"GRCI Law have been appointed as The GORSE Academies Trust Data Protection Officer (DPO) for more than 2 years now. As well as fulfilling the legally required role of DPO, GRCI Law provide in-depth and insightful advice on a range of matters, both formally and informally. This advice includes:
The advice is always timely and considered, covering both legal requirements but also practical advice in ensuring data protection within the trust is deliverable by the trust and their staff at all levels of the organisation. GRCI Law understands the trust and the personal data we process, and has fully engaged in getting to know our business. This ensures advice is specifically tailored to our setting and organisation, which is invaluable in ensuring actions are implementable and does not unduly disrupt the effective running of our academies.
The access to expert legally compliant advice, alongside timely, proactive and practical assistance to ensure data within the trust is protected is an invaluable service, ensuring the trust can meet it’s legal and moral duties to protect the personal data we hold on behalf of the many thousands of individuals we serve."
- Richard Amos, Strategic Lead Officer, The GORSE Academies Trust
"OASIS Group has used the legal services of GRCI Law over the last few years for data protection matters.
We are provided with legal experts who are dedicated to our account which gives us full continuity of service. These experts have worked on the ‘other side of the fence’, having come from industry, so they really understand the challenges that businesses face when dealing with the complexities of regulations and legislation. Their advice is always simple and pragmatic, and is provided in a way that supports our business rather than in a way that could work against it. They always put our interests first, but at the same time they will balance these against legal or regulatory requirements so that we always do the right thing.
They work across multiple functions in our business rather than just with one individual. This equips them with all of the knowledge that they need to provide us with the right level of support.
The real value of their services comes from their technical knowledge and expertise in data protection law, they always keep up to date with the outcome of data protection legal cases and case law which often set the precedent for their future application. This ensures that we do not fall foul of the law due to the grey areas that sometimes exist.
Our legal representatives are also extremely responsive. When we call on their services, we require a very fast response so that there is no disruption to the service that we provide to our clients. They will always respond within hours, they never let us down, which means that the service we provide to our clients is seamless and reliable.
We have full confidence and faith in their advice. They are true partners and in fact, we regard them as part of our team, we are very grateful for all of their support."
- Nicola Simpson, Group Compliance and Audit Director, Oasis Group
"We are a relatively small organisation, and rely on GRCI Law to provide external DPO support. They are able to provide domain knowledge and expertise that we do not have in–house. We have a named person who acts as our DPO. She is approachable and quick to respond, has a good understanding of the sector that we are in and the sort of issues that we are facing, and really makes an effort to look into the specifics of every issue that we raise, and offer practical workable solutions. She meets regularly with our working group and is able to provide support and advice on the GDPR-related matters that they raise. And in between meetings she is quick to respond to direct queries."
- Peter Alsop, Finance Bursar, Wadham College, Oxford
"Using a structured approach by developing a milestone plan for GDPR compliance for our company, I was able to utilise the guidance and expert knowledge provided by GRCI Law, to deliver the first milestone on time.
The advice given is in a pragmatic easy to understand way and very defined to our business. The continued relationship with this company is providing us with compliance and legal information to avoid any GDPR pitfalls but also, I am confident, will improve our score with GRESBY (Global Real Estate Sustainability Benchmark).
Of note is the professional first-class guidance our GRCI Law Consultant provides on 3rd party data sharing, PECR rules, advice around cookies and IT systems generally.
GRCI Law also have the backup facilities for a continuous service and legal specialist to help with those DPA, data sharing agreements and supplier contract issues."
- A. Goldston, GDPR Officer, Farnborough Airport
"We appointed GRCI Law as our Data Protection Officer back in 2018 having decided to outsource this important service. This was for us definitely the right course of action and GRCI Law have supported us in many different ways including data protection for staff training and specialist advice in a wide range of important areas. In particular, the initial data protection audit created a clear action plan for us to follow and we have benefited from having a good and responsive relationship with our appointed leads at GRCI Law."
- Steve Kind, Director of Finance and Operations, Association of School and College Leaders
"If you require outsourced data protection support for your GDPR compliance, we highly recommend working with GRCI Law. As a specialist in data protection, privacy and cyber and information security law, our DPO has not only provided expert guidance, but she has taken the time to meticulously understand our business and tailors her advice based on the industry in which we operate. The service that is offered is both efficient and flexible and through a mixture of on-site meetings and video calls, it feels as though she has become one of the team!"
- Vickita Reddy, Director of Marketing & Brand – Aviator & The Swan
Our team of qualified DPOs, lawyers, barristers, cyber and information security experts have decades of experience between them and have advised on, created and delivered effective data protection solutions including:
For more information about this service or to get a tailored quote, please enquire below and one of our experts will be in touch shortly.
We provide a full suite of data privacy services including DPO, breach management, data privacy management, DSAR support, and associated non-reserved legal services.
We offer legal risk and compliance consultancy advice that you can trust, but without the burden of administrative duties and expenses that law firms must bear in order to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.
GRCI Law has completed the NHS Data Security and Protection (DSP) Toolkit online self-assessment, which allows organisations to measure their performance against the National Data Guardian’s ten data security standards, providing the assurance to all NHS clients that we are practising good data security and that personal information is handled correctly. If you process NHS patient data in any capacity, GRCI Law can assist you with all your data privacy requirements.
Stay up to date with the latest industry news on our blog.
If you have any queries or you’re unsure of how to progress, please get in touch with our team of experts, who will be able to assist with your enquiry and provide guidance options.