GDPR | Beyond 25 May 2018

We want to cut through all the GDPR hype
and provide you with the relevant information and the tools
to meet your GDPR obligations in a cost effective way.

See How We Can Help

MPAC, GDPR and You!

The MPAC Group is one of the UK's leading corporate compliance and regulatory advisory firms.

Founded in 2003, MPAC services the needs of UK and multi-national companies, who require cutting edge advice on various issues within the regulated sector.

MPAC Products has partnered with various specialist firms in the GDPR sector to combine our respective and complementary skills to offer you a comprehensive “Single Source Solution” to cover all your GDPR requirements.

We can get you on the path to GDPR compliance.

See What We Have to Offer

GDPR is the law and you have to implement it.
If you are not ready, our team of experts and partners are here to help you every step of the way along your GDPR journey.

Our Services

We, together with our specialist partners, have put together numerous fixed priced packages of templated documents and services that will provide the tools and knowhow for all types, and sizes, of firms, companies, partnerships, charities, clubs and associations.


Our Data Flows and Management Tools will help you identify personal data, and target GDPR policies and procedures specifically for your firm.

GDPR Training

Our numerous online training modules cover a variety of GDPR topics. Face-to-face and video training can also be provided to your firm.


Your statutory minimum insurance or cyber policy may not cover the risks of data protection loss under GDPR.
* Contact us for more information.

PR Services

You will have access to a London based PR company that will provide you with the wording and guidance for a public announcement should a breach occur.


Our London based law firm partner has compiled a suite of templates to help you implement the contract, policy and HR changes of your GDPR strategy.

Data Audit

An audit of your project to date is available which will highlight shortfalls in your approach to data collection as are post 25th May audits of GDPR within your firm.

Information Technology

Our offering provides numerous components including: a technology and security review, GDPR management tools, GDPR compliant search engine.

Data Protection Officer (DPO)

We provide you with an outsourced DPO without the costs of hiring and/or training an existing employee.
* Available with annual subscription

The GDPR Basics

A few definitions that you will need to know.

Personal data

Any information relating to an “identified or identifiable natural person (the ‘data subject’)”. So names, online identifiers, device identifiers, cookie IDs, IP addresses, email addresses (like


Any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, structuring, storage …., use, disclosure by transmission, dissemination or otherwise making available …, erasure or destruction. Effectively if you do anything to personal data, you are very likely “processing” it.


The natural or legal person, public authority, agency or other body which determines the “purposes and means of the processing of personal data”.


Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

Full Service GDPR Packages

Whether pre-packaged or bespoke, we have a GDPR service for your company.

GDPR Package Pricing

£7,500 + VAT

GDPR Road Map High level step by step guide towards GDPR implementation for client firm
GDPR Training 8 training modules sold as a complete package (including narratives in hard copy) as follows:
  • a) Introduction to GDPR;
  • b) A Senior Manager's Guide to GDPR;
  • c) GDPR Project Management;
  • d) Your Data Subject's Rights under GDPR;
  • e) Lawful Processing, Consent and Communications;
  • f) Data Impact Assessment and Data Protection Officers;
  • g) International Transfers; and
  • h) Fines and Breaches
The package includes a staff training log to record training undertaken
MPAC Consultancy Capped 6 hours of consultancy to the client
GDPR Mapping Tool Excel workbook with guidance and worked examples to assist client firms map their sources and uses of personal data data (with Privacy Notices)
Starter Board Pack An introduction to the client's governing body on GDPR, enabling it to understand its GDPR obligations from a high level
Recommended GDPR Policies 5 template policies :
  • a) General GDPR Policy;
  • b) GDPR HR Policy;
  • c) GDPR IT Policy;
  • d) Subject Access Request Policy; and
  • e) Personal Data Breach Policy
Data Breach Log Template for recording any personal data breaches committed by client firm
Privacy Notices
  • a) External Privacy Notice for client's website etc; and
  • b) Internal Privacy Notice
Template Clauses
  • a) Data Controller to Data Processor Agreement; and
  • b) Data Controller to Data Controller Agreement
Closing Board Pack Outlining the GDPR approach the client will take and action points

GDPR Optional Package Pricing Schedule

GDPR Training Face to face training covering each of the above modules-
  • Training can be provided at the clients place of business, at our office or via video conferencing
£ call for tailored pricing
GDPR Compliant Search Engine Search engine that provides anonymous searches, does not collect user data and will not display adverts allowing employees to use the company's systems to conduct searches without their data being harvested for other purposes. Free to download and if require your company logo to be displayed, cost is £75.00 plus VAT (client provides high resolution logo)
GDPR Technology
  • a) GDPR Management systems & document repositories
  • b) Review of your technology in terms of compliance with GDPR and security plus penetration tests
  • c) Tools to aid security such as secure (encrypted) email service
  • a) £ call for tailored pricing
  • b) £ call for tailored pricing
  • c) £ call for specific pricing
GDPR Insurance Policy Specific policy covering business interruption loss, credit monitoring costs (for data subjects whose data has been lost), cyber extortion costs, data restoration costs, forensic and specific legal costs etc. (all cover is subject to acceptance by the underwriters and the description here is what may be covered should you purchase this specially arranged policy) Call our broker on
0203 544 4889 or email quoting reference EK1 for the specific policy
Additional PR Cover (For those who do not have this covered by insurance). This will cover any external announcement that may be necessary on the occasion of a breach £ hourly costs
Outsourced Data Protection Officer (DPO) To cover the outsourced role of DPO. This is a monthly retainer £ please call for costs
GDPR Audit
  • a) Gap analysis/review of your current GDPR implementation in respect of IT infrastructure, training, legal agreements, policies and procedures;
  • b) Regular, post GDPR audit of your policies, procedures and processes (can be part of your monitoring procedure)
£ call for pricing specific to your needs

Download our brochure