Top Tips for Choosing your GDPR consultant

With the introduction of new data protection legislation fast approaching, many organisations are sourcing outside expertise to help them reach GDPR compliance. In a world where most hadn’t heard of GDPR a year ago, there are now many businesses offering GDPR services and products. So how do you sort the good from the bad, and decide who entrust with such an important task?

Barrister and GDPR specialist Orlagh Kelly offers some advice on what to look out for in your GDPR consultant.


GDPR is first and foremost legislation. If you’re seeking to understand the impact new legislation has on your business, who do you usually ask? Legal experts. Look for GDPR advisers who have a deep knowledge and experience of data protection legislation and case law. Not just the new legislation, but the Data Protection Act 1998 too. Such are the complexities of the GDPR legislation you need someone who can interpret legislation easily, and translate how it applies to your business. 



GDPR brings ongoing obligations and liabilities, similar to health and safety or anti-money laundering legislation. Your GDPR consultant should be someone you can depend on going forward, rather than a short term solution. Look out for a partner who can safely guide you on the legislation, perhaps for years to come.



Should you suffer a data breach you will enter the difficult and draining scenario of being investigated by the Information Commissioner’s Office. A good GDPR partner will be able to defend your business for you. Having worked closely with your organisation and helped implement your GDPR compliance project, your consultant will be informed and able to launch your defence. Before you choose your consultant ask yourself if you are satisfied that they could advise and represent you if needed.



Last but not least, be wary of GDPR ‘experts’ who work hard to create the impression they have GDPR ‘expertise' as a precursor to selling. The publicity around GDPR has lead to many companies jumping on the bandwagon, providing GDPR ‘expertise’ as a sales tool, scaremongering clients into believing they can only achieve compliance through purchasing their products. In most cases it is possible to achieve compliance whilst working with an organisation’s existing systems, so if you are being given the hard sell, tread very carefully. The perfect GDPR consultant comes from a data protection background