Most SMBs know they need to take GDPR seriously — but don't have the internal expertise to build a privacy framework that actually holds up. Aursec provides practical, plain-English data protection consultancy for businesses building from scratch or tackling a specific project. No legal jargon. No unnecessary complexity. Just a framework that works.
GDPR compliance isn't a one-time tick-box exercise. It's an ongoing framework that touches every part of your business that handles personal data. Most SMBs haven't built that framework properly — not because they don't care, but because they don't have the resource to do it right.
No ROPA. No privacy notices that actually reflect what you do. No process for handling a data subject request. These aren't just compliance gaps — they're ICO enforcement risks that grow every month you leave them unaddressed.
Many businesses have some privacy documentation in place — but it was written at different times, by different people, and doesn't reflect how the business actually operates today. Inconsistent documentation is as risky as no documentation.
GDPR compliance requires specialist knowledge most SMBs don't have in-house. Passing it to a general manager or HR lead on top of their day job means it never gets done properly — and accountability sits with your business if something goes wrong.
From the foundations upwards — every component of a working UK GDPR compliance framework, delivered as a project, a package, or ongoing support.
A structured review of your current data protection position against UK GDPR requirements. Clear report showing what's in place, what's missing, and what needs to be addressed first.
Development of a complete, accurate ROPA covering all your processing activities — lawful basis, data categories, retention periods, and third-party transfers. Maintained and kept current.
Website privacy notice, employee privacy notice, cookie policy, and internal data handling policies — written in plain English, accurate to how your business actually operates, and legally sound.
DPIAs conducted for high-risk processing activities — new systems, new products, significant changes to how data is used. Template provided for future use. Documented for accountability purposes.
End-to-end process for handling subject access requests, erasure requests, and other rights requests — within statutory timeframes and with full documentation. Staff guidance included.
Review of all international data transfers — including transfers via cloud services, SaaS tools, and third-party suppliers. Appropriate safeguards identified and documented.
Review of third-party suppliers with access to personal data. Data Processing Agreements drafted or reviewed. Supplier risk assessment framework built for ongoing use.
Development of an internal breach response procedure — who does what, in what order, within what timeframes. Aligned to the 72-hour ICO notification requirement. The data protection process, not the technical response.
Three structured packages designed to meet you where you are — whether you're building from scratch, tackling specific gaps, or looking for ongoing support.
The essential privacy framework for businesses starting from scratch or with significant gaps in their current position.
Everything in Foundation plus deeper compliance work — for businesses that need a comprehensive framework, not just the basics.
Continuous data protection support after your initial project — keeping your framework current as your business evolves.
Every engagement starts with understanding your business — what you do, what data you handle, and where your gaps are. Everything else follows from there.
30-minute call to understand your business, current data protection position, and what you need. We'll recommend the right package or project scope. No commitment required.
We review your current position against UK GDPR requirements and produce a clear report showing what's in place, what's missing, and what the priorities are. The starting point for all project work.
We work through the agreed scope — developing documentation, building processes, and reviewing suppliers. Deliverables are practical and ready to use, not theoretical frameworks that gather dust.
Project complete — you receive all documentation and a clear maintenance guide. If you want ongoing support, the retainer picks up from there. If you need a named DPO, DPO as a Service is the natural next step.
Some businesses need more than a consultancy project — they need a named, accountable Data Protection Officer. Whether that's a legal requirement for your organisation or simply the right level of oversight, Aursec provides DPO as a Service as a natural extension of our data protection consultancy work.
No privacy framework in place and you know it needs to be done properly. We build it with you — structured, documented, and practical from day one.
You need a ROPA, a DPIA, a privacy notice review, or a supplier due diligence exercise — scoped, priced, and delivered as a fixed project.
Your data processing is expanding — new products, new markets, new suppliers, new staff. Your privacy framework needs to keep pace. We build it to scale with you.
Data protection sits with someone who already has a full-time job. It doesn't get the attention it needs. We provide the expertise and the resource to get it done — and keep it done.
Could not be happier with the services provided by Aursec in supporting the IT of my business. From initial engagement, Aursec worked with me to understand my requirements and ensured an efficient rollout of my company's IT solution. They took the stress out of achieving Cyber Essentials Plus certification and now are fully embedded with my organisation as a partner to deliver long-term IT Service Support. Aursec would be a great option for any size business but are particularly valuable for smaller businesses that require that additional hands-on knowledge and experience.
Tell us about your business, what data you handle, and where you think your gaps are. We'll come back to you within one working day.