GDPR | General Data Protection Regulation

Combining legal, compliance and data expertise, Experian, Dufrain, GD Financial Markets and New Leaf Advisory provide the capability to address the legal, data, and technology aspects of the incoming regulation, representing a unique offering for the UK market.

Our approach is segmented into 9 organisational pillars, delivered across 4 complimentary phases. These phases can be implemented individually or as a single and holistic service, depending on the needs of your organisation.

  • Queen’s Counsel signoff is provided on your GDPR obligations, subject to satisfactory remedial action
  • Extensive experience in helping clients address their Data Protection challenges, and delivering managed services for major financial institutions
  • Innovative data analysis and business intelligence solutions to accelerate the end-to-end remediation lifecycle
  • Regulated legal advice embedded in the service
  • Appropriate law-firm levels of professional indemnity
  • Single prime entity and single invoice for service

4 Phases

Each of the phases can be implemented individually or as a single and holistic service, depending on the client needs. Click here to see more.

9 Pillars

Through workshops, we establish which areas clients need to focus on in order to be GDPR compliant:

  • Data Profiling – data discovery activity to identify where and how data is stored and used
  • Products and Services – what products and services are being offered by the organisation
  • People – security protocols for employee access, data protection and the process for granting access
  • Processes – identify processes and the impact these have on privacy and data protection
  • Data/information – data mapping in order to understand data source and establish owners and users
  • Technology – collection of information across the organisation, including linkages with other firms and technology suppliers
  • Location – review of where the data is held (i.e. remote location) and the security protocols in place
  • Controller/data processor – roles and responsibilities of the data controllers and data processor including legal obligations
  • Organisation – roles and responsibilities of the organisation and the process around data protection and breach management





Paul Saunders

+44 (0) 20 7759 1421
Paul Saunders

Jon Szehofner

+44 (0) 20 7759 1423
Jon Szehofner

Anthony Fraser

+44 (0) 7584 310 737
Anthony Fraser
Gordon Dadds