Data Protection
IOLIS provides data protection advisory services to commercial organisations and regulated bodies, including outsourced Data Protection Officer (DPO) support, Data Protection Impact Assessments (DPIAs), and privacy notice and policy review. We advise on compliance with UK GDPR and the Data Protection Act 2018, including where personal data is used in or alongside AI-enabled systems.
What does data protection advisory support involve?
Data protection compliance covers how an organisation collects, uses, stores, and shares personal data, and what rights individuals have over that data. Our support typically includes:
- Outsourced DPO services, providing the independent oversight function required under UK GDPR without the cost of a full-time hire
- Data Protection Impact Assessments (DPIAs) for new processing activities, systems, or projects likely to result in high risk to individuals
- Privacy notice drafting and review, ensuring your organisation is transparent about what data it collects and why
- Policy review, covering data retention, subject access requests, and data sharing arrangements
- Legitimate interests and lawful basis assessments, particularly where processing is contested or historical data is involved
- Subject access request (SAR) support, including scoping what must be disclosed and where exemptions apply
- Data breach response advice, including notification decisions and documentation
- Complaints procedures, including the obligation under Article 12(4) of UK GDPR to inform individuals of their right to complain
Why data protection compliance still matters
Data protection obligations under UK GDPR have not gone away, and increasingly intersect with AI use. The ICO continues to hold that AI systems must not undermine individuals’ rights, regardless of whether an AI tool was developed internally or bought from a third-party vendor. Organisations that already have strong data protection practice are typically better placed to extend that thinking into AI governance, rather than starting from scratch.
Who this is for
This support is relevant for commercial organisations, regulated bodies, and public interest organisations that need either full outsourced DPO cover or targeted support on a specific compliance issue – a DPIA, a privacy notice rewrite, or a single complex subject access request.
Our style of support
Our advice is independent, practical, and grounded in law and operational reality. We do not assume every organisation needs the same level of process – some need a light-touch policy refresh, others need full DPO cover and ongoing assurance.
Talk to us
If your organisation needs DPO support, a DPIA, or a review of your current data protection position, we would be happy to discuss what support would be most useful. Find the best way to contact us here.
We also provide separate AI Governance advisory services, including AI risk assessments and acceptable use policies.