GDPR, PECR and Data Protection Consultancy

Two-question challenge to DPOs.
These are real-world examples that have exposed limitations in the level of knowledge possessed by many DPOs or those responsible for GDPR/PECR implementation.

Question 1

The receiver of a gift decides to obtain either a refund or a replacement. Under the GDPR, does the retailer need to inform the original buyer this has happened?

Question 2

You use an online retailer to purchase a ticket for a train journey. They openly and transparently state your details will be kept and used for marketing purposes such as informing you of latest ticket offers unless you click the opt-out box. What is the GDPR/PECR stance in this instance?

Did you know that a website should display a ‘Privacy Notice’, not a ‘Privacy Policy’?

Your privacy policy should be specific to your organisation with highly detailed information on procedures and products as used in your organisation. It should be confidential to your company as hackers welcome that sort of information as a good starting point.

The first, and possibly best, piece of advice we have given to all our customers is ‘don’t lose any data’. This stacks up well when another of our teachings is considered – ‘the ICO are not looking for you’.

The second piece of advice is that ‘compliance is not possible’ and anyone offering to ‘make you compliant’ needs to be shown the door as they for sure have no genuine comprehension of the regulations and are only looking to extract cash from your wallet.

Think back to pre-25th May 2018 when consultants, companies and product vendors alike attempted to frighten us all by claiming a 4% of turnover fine would be the punishment for not purchasing their services or products. Who has egg on their faces now? Plenty of them made lots of money using that tactic, though, so they probably don’t care much anyway.

We are genuine experts in GDPR and PECR, and by extension general data and privacy protection.

We assist and encourage GDPR adherence rather than compliance. A small matter of semantics but very important.

We bring pragmatism to the table and encourage a balance of risk and investment.

We openly point out that the ICO have publicly stated that they wish to work with companies rather than fine them. That is provided the company can be seen to have taken some steps, appropriate for their size and industry sector.

We are happy to have an informal chat, and/or to provide customer references as appropriate.

As part of our consultancy service we can offer:

  • Service to become GDPR adherent
  • Service to maintain GDPR adherence
  • A full GDPR and PECR Pack
  • Data discovery service
  • A data protection officer
  • Incident Management service
  • Advice on technology to support data protection
  • Data Protection Training

GDPR Pack contains:

  • Privacy Notice
  • Data Protection Policy
  • GDPR Readiness Statement
  • Multiple Procedures to cover all GDPR aspects
  • Incident Response document
  • Data Location and mapping
  • Staff Training
  • Technology Appraisal


IT consulting, services and supply. 35 years’ experience in IT including running an IT department, procurement, marketing and technical sales. Our core philosophy is one of honesty and integrity. We only have engineers, no wide boys, and everyone is focussed on doing the right thing for the customer.


  Amalfi Technology Consulting Ltd
25 Watchetts Drive, Camberley. GU15 2PQ

  01276 786102