UK GDPR Support For Cultural Organisations

Demystifying GDPR for UK cultural organisations with clear, practical support – from audits and policies to confident, sector-specific staff training

We help arts and cultural organisations across the UK navigate UK GDPR and data protection with clarity and confidence. Whether you’re auditing data, reviewing policies, or training staff, we offer practical support tailored to your needs.

Data Audits and Risk Assessments

We begin with a discovery phase to understand your current data practices. Through interviews and documentation reviews, we identify gaps and provide a clear action plan.

If you’re writing a Data Protection Impact Assessment or Legitimate Interests Assessment, we’ll guide you through the process and ensure your documentation is proportionate and robust.

Privacy Notices, Policy Reviews, and Supporting Documentation

We help you review and update internal policies so they’re in plain English, compliant, clear, and fit for purpose. If you’re missing key documents, we offer bespoke templates, including:

  • Records of Processing Activities
  • Privacy Notices
  • Data Protection Policy
  • Data Protection Impact Assessment
  • Legitimate Interests Assessment
  • Data Breach Policy and Process
  • Subject Access Request Policy and Process
  • Data Processing Agreements

Staff Training and Workshops

Build team confidence with plain English, jargon-free training. We tailor sessions to your organisation – from introductory overviews to in-depth workshops.

  • Introductory sessions on UK GDPR and data protection
  • Data Protection Officer (DPO) training programme
  • In-depth workshops tailored to your team’s needs
  • Bespoke packages for different departments or roles

Retainer Support

Need ongoing advice? Our retainer service gives you regular access to expert UK GDPR support for cultural organisations.

We’re proud to be retained by the Royal Shakespeare Company – providing weekly guidance, policy reviews, and chairing internal working groups.

Contact Us »

In the Spotlight

Royal Shakespeare Company

We’re retained by the Royal Shakespeare Company to provide weekly UK GDPR support for cultural organisations. Our work spans the entire organisation – offering day-to-day advice, guidance, and hands-on support to staff. We chair monthly internal working group meetings, review existing policies and processes, and help establish new ones. Every week brings new challenges, which we work through together with clarity and care.

Kate is such a brilliant resource right across the whole organisation, slotting into all key departments and functions. Her knowledge in all areas of UK GDPR means we are able tap into her incredible, extensive sector specific and legislative knowledge.

She is solution focussed, works efficiently and at speed ensuring she flags issues to us before we even know there is an issue. She works in a really collaborative way and is a pleasure to work alongside as a colleague. I can’t recommend her highly enough.

Director of Audiences and Marketing

Opera Holland Park

We worked with Opera Holland Park to review their data protection practices. After meeting with staff across the organisation, we delivered a summary report and action plan for improvement. We also carried out a top-line review of existing documentation and provided clear recommendations. Since then, we’ve supported them further – completing a full privacy policy review, updating their data protection policy, and providing a full suite of bespoke templates to strengthen compliance and staff confidence.

Kate has given us the stepping stones to turn what was a daunting feat into a walk in the park. While we still have a long road ahead of us, her expertise in all aspects of GDPR and her willingness to go above and beyond in providing advice and ensure the services she provides are airtight and thorough is nothing short of excellent.

From her original role in providing freelance advice right through to full on policy drafting, her collaborative nature and personable demeanour are refreshing in an otherwise heavy subject matter, and we cannot recommend her services highly enough!

We look forward to working with Kate at any opportunity presented to us and hope many others enjoy taking the journey to compliance with her too.

Head of Ticketing and Customer Insights

Ideas Test

We delivered bespoke DPO training to Ideas Test, tailored to their operational context and team roles. As part of our UK GDPR support for cultural organisations, the programme covered four key areas: an introduction to data protection, the role of a Data Protection Officer, core documentation, and key risks. The session combined practical guidance with sector-specific examples, helping staff build confidence, clarify responsibilities, and apply data protection principles across the organisation.

Kate’s training is truly excellent. Complexities were made clear, and her delivery style is inclusive and approachable. Our sessions together have significantly increased my understanding and confidence around all things data! If you’re looking for expertise around applying data protection legislation in your organisation, Kate should be your go-to.

Operations Manager