Data Protection & GDPR

Data Protection & GDPR

Data Protection and GDPR

Ensuring your data is fully protected against unauthorised access, loss or destruction, and is compliant with GDPR and all other data protection regulation


Protecting your data

Data Protection is about more than just making your data compliant. No matter where your data is located, or how it is stored, or what type of data it is, it needs to be protected against unauthorised access, loss and destruction.

Aim's data protection services help you to understand your vulnerabilities, and address them. Data can then be indexed and classified to ensure it is fully compliant with all data protection regulation including the GDPR.

Our GDPR Services


Support and guidance for organisations at any and all stages of the data protection lifecycle

Phase 1 “Discover”

This involves a Data Protection Officer (DPO) focused readiness review to discover all current aspects of the personal data (PD) model, Personal Information Management Systems (PIMS), data flow lifecycle, management and protection of data, and to identify any gaps in compliance with the clauses of the Regulation. Key outputs are data inventory and data map.

Phase 2 “Execute”

This involves executing the actions and IT system technology required for gap closure, ensuring sustainable and continuous compliance and management of the data lifecycle. May comprise relevant policies, processes, standards, data protection impact assessments, data incident management, SARs, regulatory roles/responsibilities (eg DPOs) and training.

Phase 3 “Comply”

This involves embedding all aspects of data protection through “data protection by design and default” governance and full application of the compliance model.

Phase 4 “Act”

This involves organisational checks to ensure PD data management and breach protection is working effectively and to take action where it is not. Also to review and implement changes to the compliance model arising from revised guidance or changes to EU GDPR. Finally to monitor and act upon new technology/trends that may impact PD and wider data protection.

Discovery Reviews

To understand scope of GDPR compliance implementation, and after implementation to check that GDPR compliance continues to work correctly.

By carrying out a Discovery Review for your organisation, we can help you to understand the scope of GDPR compliance implementation, and after implementation to check that GDPR compliance continues to work correctly.

Via questionnaires, interviews and site visits, Aim will review all aspects of your compliance with GDPR. Dependent on the duration and scope of the review, Aim will deliver:

  • A data inventory detailing the documents and repositories where personal data is maintained;
  • Data maps showing the flow of data through your organisation, highlighting hotspots which may require enhanced security or process changes;
  • An assessment of your information security status;
  • An assessment of your policies and procedures;
  • A review of your business-as-usual practices highlighting risk areas;
  • Recommendations for the appointment of a data protection officer; and
  • Recommendations for the changes required to move towards GDPR compliance.

The resulting recommendations can be used as the basis for the appointment of a data protection officer, and to guide the transition towards GDPR compliance.

To find out more email us here.

To find out more about our GDPR training, click here.

Qualified Compliance Lawyers

With expert knowledge of the GDPR regulations and wider corporate governance demands;

Aim partners with qualified lawyers who are fully IAPP accredited privacy professionals with specialist knowledge of the GDPR and a clear understanding of how clients can build on their existing systems and processes for data protection in preparation for the GDPR.

In conjunction with Aim our legal team works with our client’s existing teams and specialists such as HR, IT and Data Security, or external experts to guide you along your ongoing compliance journey.

Contact us to find out how our GDPR lawyers can help your organisation.

Click here to find out about Aim’s GDPR training courses.

Interim Data Protection Officers

Our DPOs can provide a cost-effective solution for organisations not wishing or unable to appoint full time roles.

Aim provides interim Data Protection Officers for GDPR. This is a cost-effective solution for those organisations for which a full-time and permanent DPO is not appropriate.

Article 37 of the GDPR states that the controller and the processor shall designate a data protection officer in any case where:

  1. the processing is carried out by a public authority or body;
  2. the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or
  3. the core activities of the controller or the processor consist of processing on a large scale of special categories of data and personal data relating to criminal convictions and offences.

In addition, the article also states that the Data Protection Officer (DPO) shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks required.

However, the GDPR does allow for a single DPO covering a number of jurisdictions, as long at they are easily accessible from each establishment, or a single DPO can cover multiple bodies. Also, the DPO may be outsourced, or may be a member of the data controller or processors team, as long as there is no conflict of interest.

This allows a company to fill their DPO role in the most expedient way, and provides an opportunity to use an outsourced or interim DPO. The interim role holder will have wide experience of setting up the mechanisms which will be used within the company in an ongoing basis. The position may initially require significant input, but as the structures are put in place, input will be reduced, and a permanent role holder can take over the responsibilities.

Key responsibilities include:

  • Compilation of data inventories and maps;
  • Determination of the legal bases for processing data;
  • Recommendations for data minimisation;
  • Recommendations for actions required to fulfil data subjects rights;
  • Risk assessments;
  • Data protection impact assessments;
  • Recommendations re changes to policies and processes, privacy notices; and
  • Recommendations re information security.

Contact us to find out if an interim DPO is right for your organisation.

Find out more about Aim’s GDPR training courses here.


For managers implementing GDPR compliance, for new data protection officers, and for employees required to understand their role in the new regulations.

GDPR Training at all levels – Practical Application Not Impractical Information

With the new General Data Protection Regulation (GDPR) having come into force on 25th May 2018, now is the time to ensure your management team and employees are fully aware of their responsibilities and the actions to be taken.

Aim offers a range of GDPR training courses and awareness sessions for senior managers, new data protection officers and employees required to understand and comply with the new regulations. We focus on the practical application of GDPR in your business, tailoring the material to your needs.

Aim GDPR training courses:

Senior management training

A one day classroom training course covering all elements of GDPR with a particular focus on business risk, via interactive sessions, understanding your responsibilities regarding client and employee data and the actions to take to address the regulatory requirements. Attendees will leave the course with a good comprehension of the GDPR, know the right questions to ask of the business and the next steps to take as well as a plan for your business to assess and meet compliance.

Data Protection Officer training

A one-day classroom session giving an introduction to the regulation for new Data Protection Officers, to meet Article 37 of the GDPR which states that ‘The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices…’. Attendees will leave the course with a clear understanding of the regulation and a plan for your business to assess and meet compliance.

Employee awareness sessions

These training sessions are held in 3 different formats:

  • An At-the-Desk one hour briefing session delivered via e-learning to your employees, providing an excellent overview of the key points of the new regulation, your employees’ obligations and their own rights under GDPR.
  • An At-the-Desk GDPR awareness webinar, delivered by our CIPP(E) qualified GDPR consultants in individual or group sessions (1-100 users), which includes a Q&A session for your employees.
  • A one-day instructor-led GDPR training session, either at your premises or one of our training venues, specifically tailored to your business and industry.

Bespoke training sessions

We can tailor GDPR training to the specific needs of your industry, business and employees, in classroom training or workshops either at your own offices or at one of our training venues, and in webinar formats.

Our tutors have hands on experience of GDPR assessments and are CIPP(E) accredited, giving you the security of knowing that you will understand how the GDPR relates to your business, rather than what it means in isolation, and act accordingly.

Self-training videos

Access our online GDPR self-training videos for free here!

14 modules to go through at your own pace that will give you an understanding of the importance placed on the security of personal data in a technologically complex world. Once the course completed, you will be able to take a short quiz testing your knowledge of the material covered.

For more information about our GDPR training courses, click here.

GDPR M&A Runbook

Aim and Midaxo

GDPR best practice guiding your M&A processes

A detailed understanding of data in M&A, IPO and divestments is vital. Whether it is the buyer wanting to understand the regulatory compliance of data it will be taking over, or the seller wanting to assess the intrinsic value of data it holds, both need to ensure that data due diligence is undertaken effectively.

Aim and Midaxo are joining forces on GDPR best practice, ensuring compliance during all stages of your M&A process.

GDPR due diligence could save an organisation significant money and reputational damage and eliminate an avoidable risk. Midaxo and Aim have created the Midaxo M&A GDPR Runbook, which offers both data protection professionals and non-professionals alike a clear, repeatable, and efficient process for assessing compliance with the GDPR, establishing where there are gaps against the regulation, and where potential risks might lay.

Midaxo is a complete cloud-based software solution for M&A and Corporate Development – enabling teams to manage risk, work efficiently and create value from deals. Centralize all work — project plans, documents, communications, and issues — and create one source of truth. Work collaboratively and securely with in-house and external teams. Real-time analytics dashboards and one-click reports enable teams to visualize an M&A pipeline or track the progress of due diligence and integration projects.

Contact us for more information.

Data Protection with dataBelt®


Automate data protection and minimise the risk to your data

Automate everything

Automate management and execution of all data protection activities, whatever the jurisdiction, including GDPR, POPIA, PI Specification, to ensure a robust data protection posture.

Discover, connect and search

Discover and connect to all your data assets in any location and search for and find any data of any type, stored on any source.

Create & manage data inventories

Create data inventories, data relationships and determine how data flows into and out of an organisation.

Data Subject Access Requests

  • Automate the receipt, documentation, progress and reporting of all data subject access requests (DSARs) within auditable case manager.
  • Perform data minimisation & redaction.

Manage consent and contact

Manage, progress and monitor consent, right to be forgotten and freedom of information requests.

Manage data breaches

Auto-create breach reports, liaise with regulators and contact impacted data subjects in the event of a breach.

Understand data risks

  • Understand the risks to your data, vendors and data supply chain, to ensure it is appropriately stored and protected.
  • Undertake data impact risk assessments of changes to data and data processing systems.

See everything on the dataBelt® dashboard

Analyse data protection metrics and view everything on the dataBelt dashboard.

GDPR Data Governance Solution diagram Vyond.JPG

In tandem with data compliance, dataBelt®'s data protection module has the capability to provide a comprehensive data protection/GDPR compliance response and fully support the activities of the enterprise's DPO and associated Privacy Office.

  • Open and manage all requests, enquiries and investigations in Case Manager
  • Classify and index all your data, identifying any personal data
  • Raise, process and monitor DSARs and FOIs
  • Search any data asset of any size or type, anywhere, and locate any data in any structured or unstructured format
  • Report and liaise with originator and all relevant authorities


contact.png Contact us