Data Protection Risk Assessments, Surrey
We provide independent reviews of an organisations personal data processing activities.
We offer both high level, and in-depth data protection audits. You are provided with a report that covers recommendations and remediation work.
Data protection audits across Woking and Surrey
Ideal for organisations updating their processes to be in line with the Data (Use & Access) Act. Click here
Whether you choose a high-level review, an in-depth audit or something in between we will always work with you to create a remediation plan based on the audit report and will carry out the work for you.
Clara Westbrook
25+ Years PQE
Founder | Qualified Solicitor | Data Protection Specialist
079 7693 9016
What we offer
We can offer you fast turnaround on time and on budget.
- A data flow is understanding what personal data is flowing into, out of, and within your organisation.
- Assessment of current data protection policies, processes and procedures.
- Review of your accountability and governance structure including records of processing activities (RoPAs) and data protection impact assessments (DPIAs).
- Alignment with the new Data Use and Access Act (DUAA) 2025.
- Review of data protection contracts including data processing agreements, data transfer agreements and data protection clauses within other contracts such as SaaS agreements and employment contracts.
- A written audit report with a traffic light (red flag review)actionable and prioritised remediation plan.
What we need from you:
1
Any issues you’re concerned about.
2
Copy of current processes.
3
Point of contact within your organisation.
Costing structure
Final pricing subject to scoping discussion.
Small Organisations | Medium Organisations | Large Organisations |
From £4,000 | From £6,000 | From £12,000 |
Up to 5 processing activities | Up to 15 processing activities | Unlimited processing activities |
Understanding of data flows | Understanding of data flows | Understanding of data flows |
Audit of primary internal policies | Audit of all internal policies | Audit of all internal policies |
Key third-party data sharing review | Key third-party data sharing review | Key third-party data sharing review |
Full DUAA compliance check | Full DUAA compliance check | Full DUAA compliance check |
Comprehensive remediation report | Comprehensive remediation report | Comprehensive remediation report |
Data (Use and Access) Act (DUAA) 2025.
Our audit process is fully aligned with the ICO Data (Use and Access) Act 2025, ensuring your organisation meets the latest UK statutory requirements. We evaluate your updated complaints handling procedures, or help you create and implement one and check your Marketing Preference Methodologies in light of the increased fining powers under the Privacy and Electronic Communications Regulation (PECR) introduced by the DUAA 2025.
Why choose us
We are a solicitor-led organisation with over 25 years’ experience in data protection and privacy law. We’ve negotiated several contracts including SaaS agreements, pharmaceutical, licensing, finance and travel and can offer fast turnaround times.
We’ve worked with organisations across multiple sectors including WarnerMedia, Yum! Brands, Burberry, Expedia and Société Générale on contracts and we’re confident we can help you.
Book a scoping discussion
Speak directly with a data protection solicitor +44 (0)79769 39016 (9:00 am – 6:00 pm UK time). If you would like us to call or email you, please leave your details, and we will be in touch.
Westbrook Data Protection Services Limited, 2nd Floor, Midas House, 62 Goldsworth Road Woking, Surrey, GU21 6LQ
View our Privacy Policy here
Explore more data protection & privacy services
Our team have a deep understanding of the following areas of law and continue to add value to our clients’ businesses.
Latest Insights
- Changes to employment law and the rise in Subject Access Requests
Changes to employment law and the rise in Subject Access Requests Employment Rights Act From […] - Court of Appeal’s Ruling on strengthened data privacy rights
Farley v Paymaster – Court of Appeal Boosts Data Subjects’ Rights to Compensation for Non-Material […]