The General Data Protection Regulation (GDPR) was the first major review of data protection in the UK and Europe for over 20 years.

Enacted into law in May 2018, the (now) UK GDPR has had widespread implications in respect of how behave, and think, around the collection and processing of personal data.

Every organisation must ensure that it has robust and clearly defined processes in place, and ideally have access to appropriately qualified and experienced advice and guidance – in respect of data protection / privacy best practice.

Your clients, supply chain, stakeholders and employees need to trust that you understand the core values of data privacy and have implemented the best possible controls and processes, to ensure that their data is respected, safe and secure.


At Moore ClearComm we understand that no two organisations are the same, and while every UK-based organisation must adhere to (and comply with) the same legislation requirements (UK GDPR, Data Protection Act 2018, PECR and so on) – your approach to compliance may differ, based on the specific factors and attributes relevant to your organisation.

On that basis we have created a range of managed service and project management options for you to consider, to ensure that every organisation can benefit from Moore ClearComm’s experience and expertise in all things data protection and privacy related.

Data Protection & Privacy Audit

Either as a standalone project, or as a precursor to our managed service options, our comprehensive independent Data Protection & Privacy Audit will review your organisations current compliance status, and provides you with a detailed, strategic roadmap towards achieving a state of compliance.

The results of the audit (with each element scored based on compliance and risk) will likely shape your decisions in respect of further support from Moore ClearComm – and the initial roadmap and objectives within a managed service provision.


We will review your current policy framework to ensure that your organisation is compliant with relevant data protection legislation, such as the Data Protection Act 2018, UK GDPR, and PECR.

Our Auditor will review and report on your current and historical practices and how that impacts within legislation. A full interpretation of the principles of data protection (relating specifically to your organisation) will be established and documented, as part of this service.

Our robust audit process will generate tangible findings, from which the Data Protection Officer (DPO) carrying out the audit will create a detailed Action Plan supported by a clear set of our findings – in respect of 7 key areas of your business:

  • Governance
  • Marketing, communications, and fundraising
  • Service areas
  • HR and Finance
  • Volunteers
  • Data subject rights
  • Cookies

The findings are “RAG” rated (Red, Amber, or Green) in respect of their risk level, are essential for shaping the early support delivered under a managed service contract.


The audit process and its outcomes are a useful conduit to shaping and influencing which of our managed services is best suited to your requirements and will identify areas of immediate concern – along with longer term, ongoing areas to address.

Data Protection Officer as a Service

Our premium managed service provision (DPOaaS) is designed to ensure data protection / privacy compliance is proactively managed on behalf of our clients.

DPOaaS support from Moore ClearComm ensures that your data protection and privacy compliance objectives are proactively managed, whilst advising and guiding your organisation and employees in respect of the UK GDPR and best practice.

In addition, your Data Protection Officer will assist and liaise with the Information Commissioners Office (ICO) when required, in the event of a data breach scenario and subsequent investigation.

A Data Protection Officer (DPO) is specifically allocated to your organisation, and your monthly fee relates directly to a pre-agreed allocation of DPO hours, based on an annual allowance and a minimum 12-month contract.


On engagement your organisation is appointed a dedicated member of our team to work on and off-site.

This enables us to offer a proactive compliance programme working alongside you and dealing with issues such as Data Subject Access Requests, DPIA’s, managing breach logs, training, and employee requests.

Your DPO can support key processes such as:

  • Data mapping exercise
  • Data protection audit and review
  • A review of your existing Data Protection related documents, policies, and procedures
  • Support with Record of Processing Activities (RoPA) Creation (see next page)
  • Responsive Advice & Guidance on all aspects of the UK / EU GDPR
  • Assistance with Data Subject Access Requests (DSAR)
  • International Data Transfers
  • Advice and guidance with regards to PECR
  • Review of Data Processing Agreements (DPAs) and Data/Information Sharing Agreements (D/ISAs)
  • Provision of/Support with of (up to) 8x Data Protection / Privacy Policy Document Templates
  • Employee Training & Awareness Session(s)

Data Protection Advisory Service

Our Retained Advisory Service provides data protection and privacy-based advice and guidance, provided directly by our experienced and qualified Data Protection Officer team.

A Data Protection Advisor (DPA) is specifically allocated to your organisation, with a monthly fee based on an agreed allocation of DPAS hours to draw from, across an initial 12-month contract.

Upon requests for our support, you will benefit from the same excellent quality of service and dedication as delivered via the DPOaaS model.

Our Data Protection Advisory Service takes the form of assistance, advice, support, and guidance in respect of key areas of data protection compliance and best practice:

  • All aspects of the UK GDPR
  • Data Subject Access Requests (DSAR)
  • International Data Transfers
  • Privacy and Electronic Communications Regulations (PECR)
  • Review of Data Processing Agreements (DPAs) and Data / Information Sharing Agreements (D/ISAs)
  • Delivery of Training and Awareness for Employees
  • General best practice advice and guidance
Privacy Projects


In instances where an organisation reaches out to Moore ClearComm for one off support and advice, we can provide ad-hoc project management support.

Project management can be a more suitable approach than taking on one of our managed services, in scenarios where the work is likely to encompass a specific area of data protection / privacy, and not exceed the time provided within a managed service 12-month contract.

For example, where your project (once scoped by our team) is likely to require 12 hours or less of Data Protection Officer (DPO) time, it is likely we may suggest a project is the most appropriate way forward.

However, we also factor in other areas of your organisation that may require attention – and will usually ensure we present you with balanced options to consider. This will include a detailed proposal of our managed service options (see above service overviews).


Our project work is based on an initial (minimum) fee of £500.00 + VAT, which factors in the patterns we consistently experience in ad-hoc projects. In most instances this fee allows for 2.5 hours of DPO time, based on (example):

  • Initial DPO team – Client Interaction and Project Scoping
  • DPO Follow Up Work, Reporting and or Feedback
  • 30 Mins of additional time set aside for general admin and interaction

From this initial process, further work will be based on an agreed project roadmap and additional project time based on our standard hourly fee rates.



The UK health & social care sector is under constant pressure in terms of data protection and information security challenges against the financial cost of these services. Many care providers risk a malicious cyberattack due to operating without supported medical devices or staff focused on clinical care rather than cyber security and data privacy.

Our CareSecure service is designed to help small to medium sized health and social care providers to reduce their risk, increase compliance and ensure that their NHS DSPT is published annually.