Some of Our Clients

About us

Personal data has a value, safeguard it with Data Protection Consulting.

We have been helping our clients with data protection and e-commerce issues since 1999.

Our principal, Mandy Webster, is a lawyer and former chartered secretary with an in-house career spanning fifteen years as a company secretary, compliance officer and business lawyer.

Mandy is author of "Effective Data Protection" and the ICSA "Data Protection Troubleshooter" published by ICSA Publishing Limited and "Data Protection for the HR Manager" and "Data Protection in the Financial Services Industry" published by Gower.  Mandy is a well-known writer, commentator and speaker on data protection. 

Mandy Webster of Data Protection Consulting
Credit: V Kane Photography

Why choose Data Protection Consulting?

Because data protection is our specialisation and our passion. It’s all we do. We specialise to bring you the best possible service.

Call us today to find out about our audit and advice services.


Tel: Mandy Webster on 01283 516 983

Our Experience

We offer data protection audit, advice and training to a range of clients from all sectors including financial services, the property sector, professional institutes, recruitment consultants, schools, manufacturing and the retail sector.  Clients include Clarion Housing Association, Sovereign Housing, Geoffrey Osborne Group, Curo and Housing for Women.

Some of the highlights of our work are described in case studies:

Case studies

Providing ongoing support and expertise

A client in the social housing sector requested support for a period of time following the loss of an employee whose data protection knowledge and expertise had been key to the compliant conduct of the business.  We had regular meetings with the client and provided online support in handling day to day issues such as requests from the Police or local authorities for access to personal data, handling subject access requests and responding to queries from the business.  During that time we helped to train compliance staff to take over the data protection compliance role.

Updating policies and procedures

Clients often ask us to revision their data protection policies and procedures and other procedures which impact on data protection compliance such as IT Security and Appropriate Use Policies, Call Recording Procedures, CCTV Policy and Procedures.  One client requested an update to reflect current guidance and practice while ensuring that policies were clear and unambiguous.  We worked within a capped budget and achieved the objective within the parameters set.

The bureau

A bureau which traced consumers on behalf of banks and other large institutions wanted to offer its tracing services direct to consumers but was prevented by the fact that it had only processed consumer data on behalf of others so it had no authority to process the personal data for its own purposes.

By requiring consumers to register to access the third parties trying to locate them (the banks etc) the bureau repositioned itself as the organisation in control of personal information. This meant that it could process the information for its own purposes as well as on behalf of its principals. 

Marketing activity was undertaken with strict adherence to consumer marketing preferences and data protection rights.

Responding to tenders for service provision

A client was asked in a tender document for a data protection policy statement.

Based on the company’s data protection compliance activity, we were able to adopt a positive position in the tender response. We included the company policy on data protection approved by the board and a robust statement about the compliance and information security audit activity we undertook to ensure that the company continued to meet its stated policy. We won the tender, it was a £1 million contract. 

Making tough decisions about breach reporting

In the UK reporting data security breaches is voluntary outside of the telecommunications sector.  Nevertheless the guidance from the Information Commissioner’s Office is that significant breaches should be reported.  We help clients assess the risks inherent in data security breaches and provide advice on the crucial issues of when to report breaches.


This website uses cookies to ensure you get the best experience on our website. By continuing to use this website you agree to the use of cookies. Read more …