SOLA Consulting

SOLA Consulting is committed to providing best of breed, security industry standard GDPR Compliance Services to our UK and European customers.

All our SOLA Consultancy services are delivered under SOLAarc™, our accelerated regulatory compliance methodology. This best-practice methodology, coupled with our hands-on experience in delivering end-to-end GDPR compliance planning and mitigation, means we are increasingly the go-to partner for comprehensive GDPR consultancy projects.

Whether your GDPR Programme is just starting or already in flight, our highly experienced GDPR consultants will speed up the process and ensure that you have visibility of every risk, issue and mandatory requirement.


Our SOLAarc™ GDPR Services

Full GDPR Audit

GDPR Essentials Programme

GDPR Programme Health Check

GDPR Education and Awareness Workshops

GDPR Resourcing via SOLA Technology


Compliance + Cyber Security + Best Practice = Business Excellence

We integrate GDPR compliance with its neighbours (Cyber Security, Data Loss Protection and ISO27001 standards) to go beyond May 2018. With compliance we will also bring you the benefits of operational excellence.

The GDPR Overview

The GDPR comes into force on 25th May 2018. From the post room to the board room, the regulation will have an impact on every vital part of your organisation: your people, your processes, your technology and your data.

The major shift with the implementation of the GDPR will be in protecting customer and employee Personal Data and Personal Sensitive Data. The cybersecurity landscape is rapidly changing due to the explosion in digital and the ever-changing ways in which we all share information. The GDPR strives to protect our own and our customers’ sensitive information in this new digital age. Good news for your customers, but challenging for your organisation.

Through our workshops and seminars we have found that organisations are at varying stages of their GDPR journeys. Certainly some larger organisations are well on their way to being compliant. SOLA Consulting are here to support smaller to mid-sized organisations who need hands-on expertise and support to tackle the significant adjustments the GDPR will bring to their businesses.

The History of Data Protection

Regulation Changes

Some of the key changes to the regulation are summarised here:

GDPR Infographic

The Right to be Informed

The right to be informed encompasses your obligation to provide “fair” processing information, typically through a privacy notice. It emphasises the need for transparency over how you use personal data.

Information that MUST be supplied

The information you supply is determined by whether or not you obtained the personal data directly from individuals.

The information you supply about personal data must be:

  • Concise, transparent, intelligible and easily accessible
  • Written in clear and plain language, particularly if addressed to a child
  • FREE of charge

Right of Access

Under the GDPR, individuals will have “The right to obtain”:

  • Confirmation that their data is being processed
  • Access to their personal data
  • Other supplementary information – this largely corresponds to the information that should be provided in a privacy notice

Right to rectification

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.

If you have disclosed the personal data in question to third parties, you must inform them of the rectification where possible. You must also inform the individuals about the third parties to whom the data has been disclosed where appropriate.

You are obligated to respond within one month. However, this can be extended by two months when the request for rectification is complex.

Where you are not taking action in response to a request for rectification, you must explain why to the individual, informing them of their right to complain to the supervisory authority and to a judicial remedy.

Right of Erasure

Also known as the “Right to be Forgotten”. This is the right that enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

The specific circumstances in which personal data can be removed:

  • The personal data is no longer necessary in relation to the original reason the data was collected.
  • When the individual withdraws consent.
  • When the individual objects to the processing and there is no interest in continuing.
  • Personal data was unlawfully processed.
  • Personal data has to be erased in order to comply with legal obligations.
  • Personal data is processed in relation to the offer of information society services to a child.

Right to restrict processing

  • Individuals have a right to “Block” or suppress the processing of personal data.
  • Once processing is restricted, you are permitted to store the personal data, but not further process it.
  • You can preserve just enough information about the individual to ensure that the restriction is respected in future.

Right to data portability

This is a “NEW” right that complements the right of access.

This allows data subjects to receive the personal data that they have provided to a controller in a structured, commonly used and machine-readable format, and to transmit it to another data controller.

  • Support free flow of personal data in the EU and foster competition between controllers
  • Empower the data subject and give him/her more control over the personal data concerning him/her
  • Facilitate switching between different service providers.

Right to Object

Individuals have the “Right To Object” under three specific cases:

  • Processing based on legitimate interests or the performance of a task in the public interest/exercise of authority (including profiling)
  • Direct Marketing (Including Profiling)
  • Processing for purposes of scientific/historical research and statistics
    (You MUST offer a way for individuals to object online)

Right to automated decision making & profiling

The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. These rights work in a similar way to existing rights under the DPA (Data Protection Act).

Identify whether any of your processing operations constitute automated decision making and consider whether you need to update your procedures to deal with the requirements of the GDPR.

For more information please visit the ICO website here


We are immensely proud of our client & candidate relationships and our track record in building strong, lasting partnerships is second to none. We’ve taken the time to grow & nurture them. Here’s what some of our clients and candidates say about us:

Our Partners

We can solve your GDPR challenges.


Want to know more?
Get in touch

From time to time we would like to send you news and updates and occasionally invite you to our events. Please click here to join our mailing list. You can unsubscribe at any time. For further information on how we protect your data please visit our privacy policy.

Full GDPR Audit

Our GDPR Audit interrogates the four quadrants of the GDPR: People, Process, Technology and Data.

These 4 key areas are analysed for GDPR compliance through a combination of workshops, 1-2-1 interviews, business analysis and due diligence, technical reviews, cyber audits, operational reviews, process re-engineering, automated data discovery and customer data mapping, to provide a roadmap to optimum GDPR compliance for your organisation.

Our GDPR Audit will produce the following collateral that will be licensed to the Customer for ICO audit and GDPR compliance purposes. This collateral will provide a solid snapshot of your organisation’s posture in regard to GDPR compliancy (at the time of publication), and what activities need to be undertaken to reach optimum compliancy.

Our GDPR Audit core deliverables may include:

  • Key Stakeholder Workshops
  • 1-2-1 coaching for key GDPR Stakeholders and Operational Support Staff
  • Full GDPR Audit Report
  • Automated Cyber Security Audit and Report
  • Automated Data Discovery / Network Risk Audit and Report
  • Legal GDPR Documentation Support
  • SOLA Privacy Impact Assessment (PIA) tutorial and template
  • Mitigation Recommendations
  • GDPR Mandatory Deliverables (linked to the Regulatory Articles)
  • GDPR RACI Matrix
  • ISO27001/2 Risk Assessment tutorial and template
  • ISO27001/2 Asset Register tutorial and template
  • Operational and Security Policy Review
  • Active Directory Review
  • Security Operations Review
  • Quick Wins
  • Dashboard Summary


GDPR Essentials Programme

Our GDPR Essentials Programme focuses on the core Privacy Management Actions (PMAs) listed in the GDPR articles. Through a series of structured workshops we support your GDPR owner and stakeholders by providing the relevant training, templates and tools necessary to provide a tailored GDPR compliance roadmap for your business.

We record all workshop actions and outputs, including highlighting the GDPR risks to your business and any mandatory procedural changes so that you can complete the activities required to achieve optimum GDPR compliance before the May 2018 deadline.

Our GDPR Essentials Programme differs from our full GDPR Audit in that we provide the roadmap for compliance but much of the heavy lifting to cascade the organisational change required is pushed through directly by our clients.

GDPR Programme Health Check

With our extensive heritage of working on some of the largest transition and transformation programmes in the world, our GDPR consultants are perfectly placed to perform a health check on your existing GDPR programme.

We will ensure that every mandatory requirement has been identified and is owned and managed by the GDPR programme, and that all risks, issues and dependencies have been identified.

In just one week we will make sure that you have identified, planned and forecasted for the full scope of the GDPR.

Project and Programme 101: If you get it wrong at the beginning, you’ll get it wrong at the end.

GDPR Education and Awareness Workshops

The GDPR is not just about technology, or processes, or data. It is very much about a cultural and behavioural change for your workforce.

Computers don’t make breaches, people do. Education and awareness are key to preventing accidental data breaches, malicious data breaches, and attacks from cyber-crime.

SOLA Consulting offer training packages for your key GDPR stakeholders, business unit heads, your entire workforce, your C-suite or your board of directors. We can provide this training at your business location, at SOLA Consulting’s HQ in London Bridge, or at a venue of your choice.

We also cater for out of hours training, including weekends, to work around your organisation’s schedule.

GDPR Resourcing via SOLA Technology

Your go-to provider for premium niche contract or permanent talent across all things data, cyber, digital, sales and GDPR.

SOLA Technology