A short intake is the only way in — name, email, phone, and the nature of your enquiry. Once you submit, you will receive a confirmation email within minutes and a personal response within one working day.
The intake is the entry point to every engagement. It captures the minimum I need to respond well — and it ensures every enquiry is handled in the same way, regardless of how you found me.
Four required fields, one optional. The data captured here is used only to respond to your enquiry — held under legitimate interests, retained for twelve months, and never used for marketing without separate consent.
The form is processed under the lawful basis of legitimate interests (Article 6(1)(f) UK GDPR) for the purpose of replying to your enquiry. The information you provide is retained for twelve months from your last contact, after which it is deleted unless our engagement has progressed to a contractual relationship.
I will not send marketing communications without separate consent. I will not share your contact details with third parties. I will not pass your enquiry to associates or sub-processors without telling you first.
The full privacy notice sets out what I do with personal data in detail, including your rights of access, correction, and deletion.
Read the full privacy notice →You have the right to:
If your question is not covered below, the intake form is the right place to ask.
Under Article 37 of the UK GDPR, a DPO is mandatory if your core activities involve regular and systematic monitoring of individuals on a large scale, or the large-scale processing of special category data. Even where not strictly required, the ICO strongly recommends appointing someone responsible for data protection. An outsourced DPO is the most cost-effective way to meet this expectation.
You get a named DPO registered with the ICO as your contact point. They attend structured governance meetings, provide ad-hoc advice, manage DSARs and breach incidents, deliver training, monitor regulatory changes, and maintain your compliance evidence base. The relationship is ongoing and embedded — your DPO develops deep knowledge of your organisation over time.
Retainer fees depend on your organisation's size, processing complexity, sector risk profile, and the tier of service you need. I will recommend the right arrangement after an initial conversation and provide a clear, fixed monthly quote. Out-of-scope work is always quoted separately before any commitment is made.
The Health Check is a one-off assessment: it tells you where you stand and what needs to be done. The retained DPO is the ongoing relationship that does the work — managing compliance, handling incidents, advising on questions, and maintaining your posture over time. Many clients start with a Health Check and then move to a retainer to implement the recommendations.
If you process personal data — and almost all organisations do — you have obligations under the UK GDPR. The ICO's enforcement actions show that penalties and reprimands are not reserved for large enterprises. The Essentials tier is designed specifically for smaller organisations who need proportionate support without the overhead of a more intensive engagement.
As your retained DPO, I am available for immediate escalation. I help assess the breach against the ICO's notification threshold, determine whether the 72-hour obligation is triggered, prepare and submit the notification if required, advise on data subject communication, and conduct root-cause analysis. Retainer clients have an accelerated SLA for breach incidents.
The Data Use and Access Act 2025 introduces a mandatory complaints handling process for all organisations by 19 June 2026. The Health Check includes specific readiness assessment, and the retained DPO service includes implementing the necessary procedures ahead of the deadline.
Every prospect is captured, classified, and responded to consistently when contact comes through one channel. It also satisfies UK GDPR cleanly — the form has a documented lawful basis, declared retention, and consent for follow-up correspondence. A scattered set of contact details would not.
Connecting on LinkedIn is not a substitute for the intake form when you have a substantive enquiry — but it is the right place if you want to follow my regulatory commentary, see who I am connected to, or check the credentials before reaching out.
Connect on LinkedIn →I do not respond to client work matters via LinkedIn messages — every substantive enquiry needs to come through the intake form so it is captured, classified, and routed correctly. If you message on LinkedIn with a substantive query, I will reply asking you to complete the intake form.