I am Sarah Davies founder of theVirtualPrivacyExpert.com.  A service for companies, small and large, who want to ensure they operate not only within the law but also who care about how they handle and store their data.

Since 1998 we have been working with companies and individuals to help them operate within the UK Data Protection Act and more latterly GDPR and during that time things have changed considerably. Now we have to look at:

    • GDPR- EU General Data Protection Regulation
    • UK Data Protection Bill 2018
    • Privacy and Electronic Communications (EC Directive) Regulations 2003
    • Freedom of Information Act 2000
    • US Privacy Law – Privacy Shield
    • CAN-SPAM Act of 2003
    • PCI DSS
    • Regulation of Investigatory Powers Act
    • The Computer Mis-use Act
    • ISO 27001
    • Human Rights Act (particularly article 8)
    • International Data Protection Laws, EU, Asia, Africa and the US.


To name just a few!  With each of these acts, often including some cross over with another, it becomes challenging to make sure you operate inside each and every relevant law. Having had extensive experience in all of these areas for global companies and for Public sector bodies we are uniquely positioned to guide you through the data privacy minefield.

Many organisations are able to offer guidance on what the acts mean but few are able to give sound useful business advice that translates legal-ese and euro-speak into practical steps you can take within your business. And after all it is all about the business and not about just being complaint.

Today, as always, the challenge changes and the legislation moves on. The fines get bigger and the media focus on the few bad apples and make everyone out to be the bad guys but with some sound practical advice and simple action we can make sure you keep not only within the law, but keep your data secure and your business FREE of pointless processes.

One of the greatest areas of interest from our clients is GDPR which has been in force since May 25th 2018. The last 12 months before GDPR has meant a lot of our clients have been looking for us to help them by understanding what needs to happen to get them to a state of compliance. Since May 2018 the focus for companies has been to review what’s in place and see where the high risks still remain.

There is also a high demand from companies wanting to know what they really can or can’t (or should and shouldn’t) do when it comes to collecting customer and prospect data and then marketing to them. There are some widely misunderstood ideas floating around and what you seen done is not always what should be done, even by large companies.

Some organisations need ongoing support either from our ad hoc consultancy or held on a retained model where we become your virtual Data Protection Officer (virtual DPO). Take a look at the services below to find out more on how that works.

Contact us today to find out how we can work together either as and when your need arises or as part of our assurance package where you need never worry again about your data and how it’s being used. If you would like a GDPR assessment and report to show where you are on your GDPR compliance then we can help with that too.

Data Protection Officer

The responsibility for Data Privacy in many companies is left to the person who was out of the room or on holiday when it was decided! The responsible person is often called the Data Protection Officer (DPO) BUT, did you know not all businesses need one and certainly not all the time. If you need a qualified privacy professional and want to ease the burden on your team then use our DPO service. Find out how you can have as much or as little time as you need, when you need.

Advice & Guidance
Line and Services

Got question or a worry about data privacy? Whether it be contractual, email marketing, customer complaint, whatever it is drop us a line and we will give you guidance. Up to 30 mins free and often that’s all you need! We also offer more comprehensive services too.

Virtual & On Site

If you need some assurance about your existing data privacy protocols or perhaps you  have a need to get on top of a situation quickly, then we can help you. We offer a variety of on-site and off-site assessments and audits to meet your needs, timescales and budget.  Be it an audit, gap analysis, remediation, training or validation then its available here…


It still causes confusion and fear in some people and you’d be surprised how many businesses are not yet compliant. We have helped many companies around Europe to get compliant for GDPR and do it quickly, easily and in a way that makes sense for your business –  keeping it working, within the rules and without cutting of your pipelines or draining your teams precious time.