GDPR & Privacy Policy

At Straightforward Consultancy, we understand that your privacy is important and are compliant with the General Data Protection Regulations which take effect on 25 May 2018. We will treat any personal data which we hold, or that you provide to us as confidential and it will only be used to enable us to provide our services and maintain appropriate company records. We promise to look after your personal data and we will never sell this information to any other party.

Straightforward Consultancy GDPR Policy


  1. 1. General statement
  2. 2. Awareness
  3. 3. Information We Hold
  4. 4. Communicating Privacy Information
  5. 5. Individuals’ Rights
  6. 6. Subject Access Requests
  7. 7. Lawful Basis For Processing Personal Data
  8. 8. Consent
  9. 9. Children
  10. 10. Data Breaches
  11. 11. Data Protection by Design and Data Protection Impact Assessments
  12. 12. Data Protection Officers
  13. 13. International

1. General statement

Straightforward Consultancy takes data protection and client privacy very seriously and has always taken great care to ensure that both physical and electronic records of client information are maintained in a secure environment or disposed of securely, and this will continue under the new General Data Protection Regulations (hereafter referred to as GDPR) from 25 May 2018.

2. Awareness

All of the employees within Straightforward Consultancy are aware of GDPR and that it requires a higher standard than the Data Protection Act 1998, with which Straightforward Consultancy were also compliant.

3. Information We Hold

As we offer a business to business (B2B) service to our customers, we do not hold sensitive data, such as personal email addresses, home addresses, home phone numbers or personal mobile phone numbers, however we do hold what is classified as “personal data”, even though this is limited to individual’s names, business email addresses, business addresses and business phone numbers.

4. Communicating Privacy Information

We have updated our current privacy notice which is posted on our website Under the new regulations, we would be classified as a data controller as we determine the use of the personal data which we collect, although this is limited and used only to allow us to carry out the services we offer to our customers or potential customers with whom we have historically been in contact to offer our services. We will never sell or pass on customer data to other companies for processing or commercial use and do not currently carry out any direct email marketing campaigns using prospective customer data which may be available commercially. Our business development is generally conducted on a case by case basis via sales leads or referrals and this will continue as before, whilst being mindful of the GDPR regulations.

5. Individuals’ Rights

We have reviewed our procedures to ensure that our policies cover individuals’ rights.

6. Subject Access Requests

Should one of our customers approach Straightforward Consultancy with a subject access request, we will be able to advise them what information we hold on file (which will be held in separate files per customer) and more importantly, our systems will tell us exactly where this information is located.

7. Lawful Basis For Processing Personal Data

As per the guidelines laid out by the Information Commissioners Office, our lawful basis is:-

(b) Contract: the processing is necessary for a contract you have with an individual, or because they have asked you to take specific steps before entering into a contract.

8. Consent

Given the nature of our business and that we are in contract with our business customers to offer a service, we have reviewed the lawful basis for consent and believe that formal request for consent is not necessary as per below

(b) Contract: the processing is necessary for a contract you have with an individual, or because they have asked you to take specific steps before entering into a contract.

9. Children

We do not have any engagement with children in our business, we are dealing business to business and dealing with employees of UK businesses.

10. Data Breaches

We have our own IT equipment where data is stored and all computers and mobile devices are password protected. We also back up our business data online and on premise via physical back-up drives. We operate in a secure and locked environment and have a record of what IT equipment we use and what have on site. We use leading companies including Apple, Microsoft and Carbonite to store and back up our business data and have checked that these organisations are or will be GDPR compliant by 25 May 2018 and that they will automatically notify us should they suffer a data breach which affects our own customer data. We will in turn notify the ICO if we suffer a data breach.

11. Data Protection by Design and Data Protection Impact Assessments

As we are not a) deploying new technology, b) running profiling operations or c) processing on a large scale, special categories of data

12. Data Protection Officers

We are a micro-SME and do not consider our business large enough to warrant the designation of a Data Protection Officer, however our lead contact on GDPR will be Andrew Cliff

13. International

Straightforward Consultancy operates in the UK alone and provides services for UK registered businesses so Article 29 does not apply.


Our website uses cookies. Cookies are text files containing small amounts of information which are downloaded to your device (your computer, laptop, tablet, mobile phone) when you visit a website. Cookies are then sent back to the originating website on each subsequent visit, or to another website that recognises that cookie. Cookies are useful because they allow a website to recognise a user’s device.

Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Our website uses traffic log cookies to identify which pages are being used, and this helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not.

A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

You can find more information about cookies at:

Recent Tweets