Expert advice and tools for complying with GDPR

Maintaining your company’s compliance with the General Data Protection Regulation (GDPR) relies on robust processes to prevent breaches in the way you manage your client and employee data.

Companies rely on our proven forensic processes to carry out spot checks on data sets to identify and address potential breaches.


Discover if sensitive personal information is located in your structured and unstructured data including emails and email attachments and files stored on shared servers.


Take remedial steps to address potential breaches and use the insight to direct training and guidance for employees and continually improve procedures for managing data.


Introduce spot checks into your GDPR procedures and use to evidence compliance with the regulation and within your audit trail.

Get in touch today

Complying with GDPR

The General Data Protection Regulations came into force in May 2018. GDPR replaces the Data Protection Act and significantly increases the expectations of how organisations gather, use and protect their customers’ data.

The Information Commissioners Office has the power to impose significant fines on organisations that are not compliant.

The ICO recommends a 12 step programme for organisations to get ready for GDPR:

View the 12 step programme

How can CCL Group help?

Understanding what data you hold, with particular emphasis on Personally Identifiable Information (PII), is a key requirement of GDPR. For many organisations with data held in different formats and in different locations, it is a real headache to understand the data that you hold and whether it requires PII and/or PCI compliance.

With our expertise in digital forensics and our experience in managing very large data sets, we can access and deploy specialised software that can search, de-duplicate and tag large and complex data sets.

Sampling and auditing your data


This is the first step in removing the risk of data subjects being compromised if the worst happens in the event of a data breach. We start with a review of security and compliance with GDPR, and work with you to define criteria that will identify sensitive data stored within your IT landscape that breach the regulations. By beginning with an initial sampling exercise of your data you can understand the scale of a potential breach and remediation efforts required.

We then deploy software that will look for instances of Personally Identifiable Information (PII) and/or Payment Card Industry information (PCI) stored within structured and unstructured data including emails and their attachments, company databases and files stored in shared storage.

5 steps to revealing whether you are compliant with GDPR


We take a secure sample of your data whilst maintaining all original file attribute information to ensure traceability. 


Our experts process and index the data provided using proprietary techniques to identify instances of non-compliance, including Personally Identifiable Information.


We include a first pass review of responsive files to establish commonality for any false positive search results and exclude them accordingly. 


You receive a report outlining the processes undertaken, searches used and the locations of any ‘responsive’ files containing PPI for further consideration.


Our experts then securely wipe or return all data relating to the exercise and conclusion of the work completed.

Get in touch today…

Our experts are on hand to learn about your organisation and implement tailored solutions.

Keep one step ahead…


Get in touch