About Us

Joy Higham - Data Protection Practitioner

Joy Higham

Joy had an in-house career in IT support for marketing activity over ten years giving her a sound knowledge of the pressures that marketing professionals face in their day to day work and their need for quick solutions.

Since early in 2017 Joy has been involved in the Data Protection Consulting business.  Joy is a qualified Data Protection Practitioner and is experienced in all aspects of data protection and marketing ecommerce regulations providing advice, training, consultancy and DPO support.  Joy has particular experience in the education sector and helping small businesses meet the challenges of GDPR compliance. Joy’s other skills include research, analytical skills, project management, teaching, training and report writing.

Other areas of specialist knowledge include the property sector, professional institutes, recruitment consultants, charities, schools, manufacturing and the retail sector.  The variety of Joy’s work enables her to bring new solutions across sectors to support clients with pragmatic solutions to data protection and ecommerce compliance issues.

Mandy Webster

Mandy Webster is a lawyer with an in-house career spanning 15 years in the corporate world which developed an understanding of how businesses work and many of the key tasks in compliance, marketing, HR, facilities management, tax and finance and administration so clients don’t need to educate or explain these business operations and can rely on a good level of knowledge about routine business activities.

Experience as a compliance officer in financial service gave Mandy an understanding of how to demonstrate compliance for Accountability. Mandy’s legal background means that clients can rely on her interpretation and application of data protection law.

Mandy is author of several law books on data protection. The latest one “Effective Data Protection” published by the ICSA in 2011 highlights key approaches to data protection that pre-echo GDPR such as risk management and Accountability illustrating that Data Protection Consulting is in tune with developments in the world of data protection. Other books focused on specific sectors such as “Data Protection for the HR Manager” and “Data Protection in the Financial Services Industry” published by Gower demonstrating a good practical grasp of how data protection impacts on these areas.

Waves representing Managed waves of GDPR Data ready for toolkits and DPO Support Packages & Templates to download or buy

Interested in knowing how we can help? Then give us a call on 01482 659 074

Let’s Talk

If you would like information about how we can help, then please get in touch.



    Thoughts. Insights. Perceptions

    Risk not size is the frame of reference for data protection.

    “Big companies may have uncomplicated data processing activities, small companies can have extremely complex data process maps, especially “virtual” companies.  Data protection compliance activity needs to be based on the risk presented by data processing activities not the size of the organisation.”

    Failing to provide evidence of compliance is the current risk.

    The UK’s Information Commissioner has highlighted Accountability as an issue in a blog “Organisations should be doing more to achieve privacy accountability” on 5 March 2019 and in comments made to the Data Protection Practitioners Conference on 9 April 2019 when Accountability was described as the crucial change in data protection law:

    “Accountability encapsulates everything the GDPR is about.  It enshrines in law an onus on companies to understand the risks that they create for others with their data processing and to mitigate those risks.”

    Accountability means being able to demonstrate compliance.

    Accountability means establishing a compliance framework, documenting policies and procedures, establishing roles and responsibilities for data protection and carrying out regular compliance checks and documenting the findings.