A Fact:

You have some work to do to stay GDPR compliant. You're an SME and you just want to keep inside the law by ticking some boxes so you can get on with business again. Minimum fuss, minimum cost.

"I just have an email list, does this really affect me?"

Every day we get this question from people searching for answers.

The answer is YES and you probably don't need a team of lawyers, you probably don't need days of consultancy, you probably don't need to make many changes to the way you're doing business...

"So what do I have to do?"

Joseph Borlase
GDPRi.co stepped us through the process covering off much of what we have to do, including a lot we didn't know about.
Read These

Whether you use GDPRi/co or not to help you get compliant, read this list and you'll be most of the way to home & dry when you've ticked them all off

(Click headers to reveal)

Whether you use GDPRi/co or not to help you get compliant, read this list and you'll be most of the way to home & dry when you've ticked them all off:

1: Prepare Privacy Documentation

There are a host of privacy statements that you need to present to your "data subjects" at different stages of doing business. These include things like your Legal Basis for Processing, Rights to Object, Retention Statements and various others.

GDPRi/co provides a simple step by step process for creating, editing and hosting your documentation. Suggested wording, deep links into the parts of the Regulations you might want to read and help and guidance wherever we can.
2: Deal with Data Access Requests

Got tools and a system for your data subjects to demand changes, erasure or access to their data, respond in the legislated time limit and keep an audit log of the whole thing?

Your membership includes a secure, encrypted ticket system where everything is recorded and logged automatically in your audit trail.
3: Declare your Data Recipients

You probably leak personal data more than you realise. That's OK as long as you've told your data subjects what's going to happen with their information. You still have to maintain clear records and logs of who gets what though.

GDPRi/co guides you through identifying, classifying and declaring your categories of recipients to your data subjects.
4: Record your Data Breaches

Did you know that any loss, destruction or exposure of data classes as a breach now? You don't have to report every breach to the Regulator, but you DO have to maintain an audited log. A breach can be as simple as accidentally deleting some staff phone numbers, it doesn't have to be an all-over-the-news-attack.

As part of your living data audit, all your breaches can be logged, recalled at any time. We even guide you through how and if you need to report to the Regulator.
5: Manage Your Recipient Contracts

Anyone you share personal data with needs to have a contract with you. Some you won't need to think about - companies like Sync, Dropbox, Office 360, Mailchimp, Shopify will all have big, expensive contracts in place. But for everyone else you'll have to have a contract on file somewhere.

We give you a private link to send to all your third party recipients to automatically gather contracts and log in your audit system.
6: Check Your Consents

Think you've got consent sorted wherever you ask for it? It's only valid if you get it in the right way.

We step you through each point you ask for consent so you can keep track of where work needs to be done.
7: Audit & Record Everything

A big part of the legislation is keeping track of your decisions and changes. It's another folder to keep up to date like your health and saftey log, complaints log or any of the other logs we run.

Everything that happens in GDPRi/co is automatically logged and recorded. Jump into your timeline at any stage and find out who took what action, changed which wording and so on.

We Show You

We show you what to do rather than giving you a huge pile of documents to fill in. Everything is laid out in a step by step Dashboard. Just complete each step and another one of your @TODOs is done.

We Guide You

Wherever possible we've included links into the Regulations where needed, links to the ICO, popup help, video and so on. We're also here to answer any questions where we can.

We Host You

Finally we host the whole lot in our fast, encrypted, secure data centers in the UK. Just link to your GDPR Register from your website, documentation or wherever you need.


Full Feature List


GDPRi/co Customer Comments:

Joseph Borlase
It was difficult to see how we'd find time to implement a GDPR plan even though we'd studied the regulations for some time. GDPRi.co stepped us through the process covering off much of what we have to do, including a lot we didn't know about. First run through took fifty minutes from start to finish for a set of documentation tailored to us and the tools we needed.
Lewis Henderson
Using GDPRi we avoided using costly advice from so called GDPR experts. What this service provides is actionable, easy to follow processes that give concise need to know information for each step. Achieved in a week what we couldn't over eight months of reviewing the legislation.
Elle Moss
I was feeling overwhelmed by the prospect of GDPR, when GDPRi/co was introduced to me (via the power of linkedin) I suddenly felt a rush of relief. As an established creative agency, being completely compliant is of utmost importance, GDPRi has made compliance and clarity possible ahead of the deadline.
Giles Hoff
As an SME and cutting edge travel business we need systems and procedures that are efficient and pragmatic. GDPRi is the perfect example of such a tool that is simple to use, makes us compliant with the rules and is also extremely cost effective.
Dave Baddeley
GDPRi's step by step method really just guided us on what we needed to get done instead of struggling with the documentation. As a FCA regulated company we have plenty of compliance to deal with in other areas, I can see that the automated audit trails are going to be very useful to tick those boxes.
Tim Cowan
As a boutique brand and digital agency, the GDPR hat fell to me to try and get to grips with and to ensure we were compliant before the May deadline.Not knowing anything about this area, I initially reached out to a number of so-called GDPR consultancy firms for advice, and on learning how the fees were structured, soon realised that we needed to find a more affordable solution. One that was easy to understand, transparent and manageable in-house. Boom! GDPRi was introduced to us via a mutual friend and made compliance and clarity possible ahead of the deadline.


How Much Does It Cost?

Take a seven day free trial and get GDPR Compliance off your desk. Get full access to all our tools, documents and your GDPR Register for seven days risk free.

£95 per year + £95 setup

If you decide your business would be better served by employing lawyers, consultants and developers instead, there are no hoops to jump through to switch off, just click a button before the trial ends and you won't be charged a thing.


Important: We'll send an activation link to this email address, so it must be one you can access. Emails with anything about 'GDPR' typically go to spam or other holding folders, so please check there if you don't receive a mail from us in the next couple of minutes (normally a few seconds).



Do I really need to do anything about GDPR?

Almost certainly. If you've got staff or customers, then you've got personal data in electronic or paper files. You’ll have to comply with the GDPR regardless of your company size, if you process personal data.

Nobody told me about it?

It's not been well publicised by the government since its introduction in 2017. There's a ton of information on the ICO's officla website now though.


Makes no difference - there will be some subtle changes in the way it's implemented, but as a whole - still here.

I don't hold any personal data? I just have a Wordpress site [etc]

You might be shocked by just how much personal data you are actually holding, or where you're sharing it. Taking the Wordpress site as an example : non generic email addresses from members / comments, IP addresses in logs, sharing data with webhosts, Mailchimp, Disqus and more.

Is there a requirement to use a service like GDPRi/co?

Absolutely not. You can read through all the government documentation and go it alone, you can employ lawyers or consultants (last consultant we spoke to was £700/day+VAT and said around 3-5 days for typical micro / small business) or you can just ignore the whole thing and hope for the best (please don't do the last one!!)

Can I continue to use my existing list?

Yes, but you still need to be compliant. You only need to send out one of those "please resubscribe" messages in certain circumstances though. That's outside of the kind of advice we can give you but lots of lawyers have posted an answer to that very question (Google : resubscribe consent mailing list gdpr).

My industry software provider says their software is GDPR compliant, so I'm sorted, right?

Maybe, but probably not (from what we've seen). Most software providers with well adopted platforms have made the bits of their software that you use compliant; but that's not everything that you as a business have to do. For example, we saw a booking system that had added ways to download, erase and update customer records more easily (making it easier for you to comply with 'Data Access Requests'), but that's just one piece of the puzzle.

Is there a free trial?

Yes! 7 days.

Why do you need my email address?

The email address because we need to be able to communicate with you for login details, make sure everything is going OK and so on. The system sends out those kind of transactional mails as required. All our product updates and so on are handled through Mailchimp so easy to unsubscribe.

Why do you need my credit card?

Three reasons. The honest one that nobody ever tells you is that when the free trial period is up, you're more likely to stick with, use and benefit from the service if you start paying for it. It also helps us verify your account and makes sure there's no interruption to your service. We don't charge anything until the free trial period is over; and if you cancel beforehand, you're never charged.

Is GDPR advice incluced in support?

Some things we can help with, others we can't. GDPRi/co is designed to help you get compliant. We work with legal teams, but we're not lawyers. If you suspect you need legal advice, don't take our word for it. That said, we've worked with the regulations in intimate detail for -ages-, have spent hours grilling the ICO (and even more hours listenting to their hold music) - so at the very least, we're good to talk to before you hit the legal bills.

How do I get support?

Email, chat (bottom right) if we're online (goes to email if we're not) are best. We're a small team so sometimes tricky on the phone, but the number's in the footer if you need it.

Will signing up automatically make me compliant?

No service, document, advisor can make you compliant - there's still work to do. We can't stop you doing bad things with your data, we can't help you secure your systems and so on. What GDPRi/co DOES do is help guide you through the process and give you tools to make complying as quick and painless as possible.

What's different about GDPRi/co v Everyone-Else?

We can't talk for everyone else of course. But our goal is to help get as many UK SMEs compliant with GDPR as possible. We're not a consultancy company. We're not interested in selling you the most complicated consutlancy on earth to make more money. Our business is about using technology, the knowledge and experience of the many, and clever systems to create a superb product at a very affordable price. We're in it for the long term, not a quick consulting job :)

Jeremy Tjebbes
Perfect solution to GDPR compliance for SME, seriously well done for making it simple!

Get & Stay Compliant:

GDPRi.co Limited
120 Pall Mall | St James | London | SW1Y 5EA
Registered in England & Wales #11015595 | VAT 281711313

Tel: +44 | 020.8064.0565