Data Protection
The practical support organisations need to understand and address data protection requirements
We embed in your organisation and work across teams to ensure you mitigate internal and external risks, comply with legal requirements, align to best practices, and protect your customers’ data and your reputation. We can help whether you are getting started, need large-scale support, or just need an expert opinion.
Benefits

Up to date compliance documentation
Achieve peace of mind that your statutory documentation and compliance materials are regularly reviewed and updated.

Organisation-wide assurance
Rely on our holistic approach to identify and mitigate risks across the organisation

Joined up approach between data protection and IT
Benefit from a signature methodology that blends legal and technical requirements in a holistic approach

Freedom to focus
Avail of extra resources for complex issues, time-consuming tasks and special projects.

Well-trained staff
Support your future compliance by accessing our select library of specialised training programmes
Service Portfolio
As more and more services, systems and processes move online, organisations are handling more data and sensitive information than ever before.Â
Our compliance support services help you make data protection an asset to your organisation, reducing your risk profile and supporting your staff to be an effective and reliable first line of defence.Â
Gap Analysis
When it comes to aligning to the GDPR, PECR, and other data-protection laws and regulations, a gap analysis is the best place to start.Our gap analysis process identifies and assesses existing company policies, procedures and practices, and detects what is missing to achieve better data protection compliance. It creates a solid roadmap to your organisation’s compliance maturity goal.
We will work with your team to understand your data processing profile and business practices, map your organisation’s data protection requirements, identify your strengths and weaknesses, and create an improvement plan.
The result will be a tailored, understandable, and practical report that outlines the key requirements and priorities to advance your compliance maturity.
Compliance SupportÂ
Data protection legislation requires that organisations demonstrate ongoing compliance. Â
We will work with you to create a compliance plan that maps actions to be taken across your organisation to improve your compliance profile. These actions might include:Â
- Developing new policies to close compliance gaps;Â
- Implementing regular documentation review, including related to data breaches, storage and retention, SARs and training;Â
- Assessing or developing data sharing agreements, data processing agreements, joint controller agreements;Â Â
- Identifying and implementing appropriate technical and organisational measures;Â
- Maintaining a library of Data Protection Impact Assessments;Â
You will achieve a portfolio of documentation that demonstrates compliance with legislation and helps you build a data protection culture across the organisation.Â
Data Protection Impact Assessment Â
Data Protection Impact Assessments (DPIAs) help protect you and your projects by identifying and help you mitigate data protection risks. In some cases, they are even legally required. Â
 We can help you develop your DPIA process to fit your organisation and the type of processing that you carry out. The DPIA process can be adapted to suit large scale projects or integrated as a business-as-usual process. We can support you by providing training and assistance to guide your team every step of the way.Â
The output will be a comprehensive assessment that demonstrates compliance and reduces risk to your organisation and your customers.
Training
Strong training and awareness-raising helps organisations to save time and resources as staff are ready to proactively assess and mitigate risks. Our data protection training enables organisations to:Â Â
- Build awareness within teams Â
- Implement data protection policies and procedures effectivelyÂ
- Prevent personal data breaches
- Embed mechanisms for risk monitoring and escalation Â
- Demonstrate good data governance and accountabilityÂ
Our training packages can be offered in a variety of formats and tailored to your organisation. They can cover multiple topics, from the standard GDPR and Data Protection Act 2018 training to more tailored marketing training (ePrivacy, PECR, etc.). From general knowledge sharing to practical, tailored workshops, your employees will become confident in dealing with data responsibly.Â
Audits / AssessmentsÂ
Compliance is an organisation-wide challenge. With different departments depending on each other to meet compliance goals, it is essential to ensure that there is a holistic strategy in place to meet data protection requirements and information security needs.Â
Our audit methodology can assess specific systems, or the organisation as a whole, to provide assurance that the policies and procedures in place are appropriate and that everyday practice is aligned to them.Â
Our audits and assessments take account of your organisation’s unique compliance profile, providing you with evidence of good practice and identifying how your organisation can improve compliance into the future.
Outsourced DPO/DPMÂ
A Data Protection Officer or Data Protection Manager can be an essential support in building and maintaining data protection compliance. However, it can be a challenge to find these resources within your organisation.Â
Our external DPO/DPM service closes this gap by providing an end-to-end compliance support service, providing advice, building & maintaining policies, procedures and documentation, supporting good practice in DPIAs, communicating with data subjects and external stakeholders and managing breaches and investigations.Â
Your organisation will have access to some of the most experienced advisors in Europe, who will work in partnership with you to reduce your risks and improve your practice.Â
SAR Support Â
Effectively responding to Information Requests from individuals and other interested parties has emerged as an area of increasing burden for organisations in many industries, requiring a significant resource investment and disrupting other compliance responsibilities.Â
Our SAR Support service provides practical, expert guidance and excess capacity to support your team. Â
We cover all phases of Data Subject Access Requests and other individual rights requests, from the analysis of documentation to de-duplication, classification, redaction, and delivery. We also support exemption identification and application alongside other regulatory requirements.Â
This service will enable you to minimise your organisational burden while ensuring that the rights of individuals are upheld
Crisis supportÂ
Crises are complicated. They require swift action and a firm hand to ensure minimal impact on the organisation from a financial, reputational, and regulatory perspective. Â
Our team of experts is available all year round to assist you in scoping, managing, and resolving regulatory and public image crises deriving from incidents, breaches, public attention from the press, and many more. Â
We help you investigate the issue, involve stakeholders, draft communications to the supervisory authorities, data subjects, and the public to ensure that your remedial actions have maximum impact.Â
Data Security SupportÂ
Data protection law requires that you demonstrate sufficient technical and organisational data security measures. However, many data protection professionals lack confidence in assessing technical documentation and IT protocols.Â
Our Data Security Review service is built on the well-established CIA Triad – Assessing the Confidentiality, Integrity, Availability and overall resilience of your organisation’s information systems. It integrates elements from ISO 27001 requirements, the ISO 27701:2019 extension on Privacy Information Management and national requirements. Â
This assessment will provide you with assurance that your information security function is providing sufficient support to your data protection programme. For more information on our cybersecurity services, click here.Â
Data Transfer Impact Assessment
International data transfers are intrinsically risky for organisations that are active internationally. Data flows involve security, organisational, and privacy compliance risks that should be mapped and addressed.Â
Our team helps you map your international data flows, including detecting which countries require enhanced assessment and attention. Â
We assess the regulatory context in transfer-destination countries to determine whether your customer data is safe when accessed or stored there. Â
Both when the data transfer can go ahead or not, our team helps you draft the required accountability documentation, to ensure that any complaints or investigations are swiftly addressed and closed.Â
Register of Processing ActivitiesÂ
Having a good ROPA in place is not only a statutory requirement for most organisations, but it is also an excellent way to map data processing activities and identify weak points, further requirements, and areas that require attention or action. Â
We will help you define an action plan to complete this complex activity and conduct interviews with internal company functions with or for you.Â
We then help you flag missing compliance items, as well as define and design any process changes that you may need to implement in the short, medium, and long term to ensure that these are tracked and accomplished.Â
DPO Assist Â
Our DPO assist service allows your internal DPO to carry out day-to-day data protection activities, while relying on our specialist support for additional labour, new challenges and complex situations when needed. Â
The DPO assist gives you access to specialist support on a need-to basis on data protection and data governance issues, including new challenges and complex situations.Â
Our gap analysis process identifies and assesses existing company policies, procedures and practices, and detects what is missing to achieve better data protection compliance. It creates a solid roadmap to your organisation’s compliance maturity goal.
We will work with your team to understand your data processing profile and business practices, map your organisation’s data protection requirements, identify your strengths and weaknesses, and create an improvement plan.
The result will be a tailored, understandable, and practical report that outlines the key requirements and priorities to advance your compliance maturity.
- Developing new policies to close compliance gaps;Â
- Implementing regular documentation review, including related to data breaches, storage and retention, SARs and training;Â
- Assessing or developing data sharing agreements, data processing agreements, joint controller agreements;Â Â
- Identifying and implementing appropriate technical and organisational measures;Â
- Maintaining a library of Data Protection Impact Assessments;Â
Data Protection Impact Assessments (DPIAs) help protect you and your projects by identifying and help you mitigate data protection risks. In some cases, they are even legally required. Â
 We can help you develop your DPIA process to fit your organisation and the type of processing that you carry out. The DPIA process can be adapted to suit large scale projects or integrated as a business-as-usual process. We can support you by providing training and assistance to guide your team every step of the way.Â
The output will be a comprehensive assessment that demonstrates compliance and reduces risk to your organisation and your customers.
Strong training and awareness-raising helps organisations to save time and resources as staff are ready to proactively assess and mitigate risks. Our data protection training enables organisations to:Â Â
- Build awareness within teams Â
- Implement data protection policies and procedures effectivelyÂ
- Prevent personal data breaches
- Embed mechanisms for risk monitoring and escalation Â
- Demonstrate good data governance and accountabilityÂ
Our training packages can be offered in a variety of formats and tailored to your organisation. They can cover multiple topics, from the standard GDPR and Data Protection Act 2018 training to more tailored marketing training (ePrivacy, PECR, etc.). From general knowledge sharing to practical, tailored workshops, your employees will become confident in dealing with data responsibly.Â
Compliance is an organisation-wide challenge. With different departments depending on each other to meet compliance goals, it is essential to ensure that there is a holistic strategy in place to meet data protection requirements and information security needs.Â
Our audit methodology can assess specific systems, or the organisation as a whole, to provide assurance that the policies and procedures in place are appropriate and that everyday practice is aligned to them.Â
Our audits and assessments take account of your organisation’s unique compliance profile, providing you with evidence of good practice and identifying how your organisation can improve compliance into the future.
A Data Protection Officer or Data Protection Manager can be an essential support in building and maintaining data protection compliance. However, it can be a challenge to find these resources within your organisation.Â
Our external DPO/DPM service closes this gap by providing an end-to-end compliance support service, providing advice, building & maintaining policies, procedures and documentation, supporting good practice in DPIAs, communicating with data subjects and external stakeholders and managing breaches and investigations.Â
Your organisation will have access to some of the most experienced advisors in Europe, who will work in partnership with you to reduce your risks and improve your practice.Â
Effectively responding to Information Requests from individuals and other interested parties has emerged as an area of increasing burden for organisations in many industries, requiring a significant resource investment and disrupting other compliance responsibilities.Â
Our SAR Support service provides practical, expert guidance and excess capacity to support your team. Â
We cover all phases of Data Subject Access Requests and other individual rights requests, from the analysis of documentation to de-duplication, classification, redaction, and delivery. We also support exemption identification and application alongside other regulatory requirements.Â
This service will enable you to minimise your organisational burden while ensuring that the rights of individuals are upheld
Crises are complicated. They require swift action and a firm hand to ensure minimal impact on the organisation from a financial, reputational, and regulatory perspective. Â
Our team of experts is available all year round to assist you in scoping, managing, and resolving regulatory and public image crises deriving from incidents, breaches, public attention from the press, and many more. Â
We help you investigate the issue, involve stakeholders, draft communications to the supervisory authorities, data subjects, and the public to ensure that your remedial actions have maximum impact.Â
Data protection law requires that you demonstrate sufficient technical and organisational data security measures. However, many data protection professionals lack confidence in assessing technical documentation and IT protocols.Â
Our Data Security Review service is built on the well-established CIA Triad – Assessing the Confidentiality, Integrity, Availability and overall resilience of your organisation’s information systems. It integrates elements from ISO 27001 requirements, the ISO 27701:2019 extension on Privacy Information Management and national requirements. Â
This assessment will provide you with assurance that your information security function is providing sufficient support to your data protection programme. For more information on our cybersecurity services, click here.Â
International data transfers are intrinsically risky for organisations that are active internationally. Data flows involve security, organisational, and privacy compliance risks that should be mapped and addressed.Â
Our team helps you map your international data flows, including detecting which countries require enhanced assessment and attention. Â
We assess the regulatory context in transfer-destination countries to determine whether your customer data is safe when accessed or stored there. Â
Both when the data transfer can go ahead or not, our team helps you draft the required accountability documentation, to ensure that any complaints or investigations are swiftly addressed and closed.Â
Having a good ROPA in place is not only a statutory requirement for most organisations, but it is also an excellent way to map data processing activities and identify weak points, further requirements, and areas that require attention or action. Â
We will help you define an action plan to complete this complex activity and conduct interviews with internal company functions with or for you.Â
We then help you flag missing compliance items, as well as define and design any process changes that you may need to implement in the short, medium, and long term to ensure that these are tracked and accomplished.Â
Our DPO assist service allows your internal DPO to carry out day-to-day data protection activities, while relying on our specialist support for additional labour, new challenges and complex situations when needed. Â
The DPO assist gives you access to specialist support on a need-to basis on data protection and data governance issues, including new challenges and complex situations.Â

Why Trilateral Research?

In the crowded data-protection market, it’s hard to find real experts. We provide research-driven, evidence-based advice. Our team’s expertise exceeds the market standard, and >80% of our staff members have master’s or doctoral degrees.Â
The workload in data protection is not always predictable. We are flexible and ready to support your team when you need it most, helping you meet statutory deadlines where you would otherwise be unable to.Â
Every organisation is unique. Our approach relies on relationship building to get to know your organisation, your culture and your data-processing activities. The result is a service tailored to your organisation, with practical, actionable advice that is fit for immediate and easy implementation.Â
Data protection does not exist in a silo. Our team combines legal, cybersecurity, technology and social-science experts to fully address the technical and organisational aspects of data protection. Â
Commitment to Quality
We review quality regularly. Our data protection and cyber-risk services are consistently positively evaluated by our clients. We have a 100% renewal rate on multi-year contracts, alongside repeat business and referrals. To find out more, please contact our team.
Customers



























