IOLIS Legal Services

Data Protection Consultancy

Helping you to navigate complex data regulations and create the right culture in your business


Knowledge and advice on GDPR and the DPA 2018

There are three pieces of legislation which form the basis of the data protection rules in the UK, the General Data Protection Regulation (GDPR) which came into force in 2018, the Data Protection Act (DPA) 2018, and the Privacy and Electronic Communication Regulation (PECR).

The regulations are detailed and complicated and the way they impact on one another can be difficult to understand. Add in industry specific laws and requirements, and things can feel very confusing.

We cut through the complexity to make things simpler for your business, helping you make sense of the things you need to do to protect it.

IOLIS helps you incorporate effective data protection into everything you do, including your organisational culture and policies.

Subject Access Requests

bust beside columns

We help you get it right when it comes to SARs

Under GDPR and the DPA 2018, people have the right to know what personal information your organisation holds about them.

They can submit a Subject Access Request (SAR) asking for copies of the data and ask you for the legal basis for holding it, how long you’ll keep it, and other details about what happens to it.

This can include requests from customers, potential customers, suppliers, members, employees, and ex-employees.

It can also include people with whom you have a dispute, such as former employees. As more people understand their rights, the number of SARs is growing, too.

So, should you send the information or not? Will it cause more problems later? What happens if the data mentions other people?

The answers to all these questions depend on the exact information and circumstances and getting specialist, experienced advice will help you avoid potential pitfalls.

IOLIS gives you all you need to fulfill your legal duties on SARs without damaging your business or its reputation unnecessarily. We’ll also help you avoid being the subject of a complaint to the ICO.

Data Protection Checks

Get peace of mind by booking our data health check

Sometimes, all businesses need an objective assessment by someone with specialist skills.

When it comes to compliance with data protection law, you need a fresh set of eyes on your practices and processes.

IOLIS audits your data protection framework and how policies are implemented. We flag up issues before they blow up with a complaint and help get your organisation into the best shape possible.

Our audits usually take around a day on site for an average sized business. Then, we provide a written report and highlight any weaknesses.

The benefit? You and your team know exactly what you need to do to comply with GDPR and the DPA 2018 and can put systems in place to overcome those weaknesses.

That, of course, also gives you peace of mind.
gray metal locker on white surface

Data Protection Officer Services

person writing on white form paper

An outsourced DPO will bring independence and the skills you need

How do you know if your organisation or business needs a DPO?

If you’re covered by the Freedom of Information Act as a public body, you do. That includes opticians, dentists, and pharmacists, no matter the size of their practice.

Businesses which process special category data, such as medical information, on a large scale or the core activities involve the large-scale monitoring of individuals also need a DPO.

Your DPO must be an expert on data protection laws and they must be independent, to avoid conflicts of interest over data and how it is used.

Many other businesses and organisations also choose to have a data protection officer to ensure they comply with the rules and are trusted by their customers or users.

The DPO understands your business, can advise you on data protection issues, and provides a safety net if your data controller is off work for a protracted period or leaves your organisation.

Outsourcing your DPO to IOLIS brings your organisation the skills you need without having to recruit a specialist on staff.

GDPR and the Data Protection Act 2018 allow for the use of a contracted DPO who can perform work for many organisations.

You get expert advice and guidance when you need it. You don’t have the considerable overhead of employing a specialist in-house.

Your nominated DPO will

Be the registered first point of contact for the ICO
Deal with communications from the ICO
Advise your organisation about compliance with data protection laws and other areas of information governance that may apply
Provide advice and guidance on data protection issues
Monitor compliance with periodic checks and an annual audit
Manage internal data protection activities
Advise on data protection impact assessments
Be the first point of contact for your data subjects

How it works

You pay for a minimum number of hours per month (this will vary according to the size of your operation).
Additional hours (if required) can be accessed at a guaranteed hourly rate.
You benefit from a fixed price annual audit
You have direct access to your nominated DPO
Your DPO will be on hand if you have a data breach to help you handle the situation and minimise the risks

Does your UK business need advice on data protection and GDPR? Tell us how we can help you.

Call us to start the conversation on 029 2000 2339 or email

Contact us
© 2020 IOLIS Ltd. Reg. in England & Wales Num.11968202 For reg. address see contact details | Website designed, hosted, and maintained by Jötnar Systems