About Us

data protection 4 business


At Data Protection 4 Business we support your organisation with compliance in the EU General Data Protection Regulations and UK Data Protection Act 2018.  We offer data protection consultancy services onsite, online, or outsourced according to your needs and budget.


Our clients are small and medium-sized businesses.  We specialise in start-up technology companies, schools, medical practices, and larger sports clubs.  In short, organisations who need simple, effective, and affordable solutions for GDPR compliance.


We are small enough to care yet big enough to offer a wealth of knowledge and solutions to our clients.


Online, Onsite, Outsourced

Our data protection services are designed to be delivered in a practical manner that meets your needs.


Consultancy services – Onsite or offsite

Outsourced Services – DPO as a Service or Annual Audit & Advice only

Online Training – for a range of topics


If your team needs onsite support, we can provide this.  Or if you prefer to keep costs low, we offer offsite services delivered virtually, through online meetings, shared documents, affordable technology, and useful online training courses.



We take a hands-on and practical approach to ensure your business meets the requirements of the regulations. We walk you through the operational and data management changes for personal data that you must have in place.


We don’t use a sledgehammer to crack a nut – we put in place what is needed based on the type of services you offer. This means we assess the data risks applicable to your business and work from there.


On your side

We are on your side.  Our mission is to lessen the burden on small and medium-sized businesses in complying with the Data Protection regulations.


We believe that small and medium-sized businesses carry an unfair burden to comply and keep up to date with regulatory changes and the trends in effective data privacy and security.


We help by providing affordable consultancy services, prepared templates, advice on technology solutions, as well as online training courses to ease the compliance burden.  This means you meet your responsibilities under the regulations on a continual basis.


Pragmatic simplicity

Data protection regulations can be confusing. There is jargon.  There are myths.  These can be unhelpful and confusing.


We take pride in keeping things simple.  We offer our clients SMART solutions which are specific, measurable, achievable and relevant to the needs of their business.  Then we work with you to implement the changes in a timely manner and in a flexible way, depending on your budget.


Our years of experience has helped a wide range of organisations implement change into their operations.


We know more than a bit about creating procedures, operational processes, data mapping, data flow, effective data management, and the best IT systems for managing personal data in a GDPR compliant manner.


We do the legwork

You need to be kept up to date with the latest guidance from the relevant Information Commissioner, in the UK, this is the ICO.


We are at the forefront of the data protection community keeping abreast of developments, liaising with the Information Commissioner’s Office so that you don’t have to.


Collaboration with the wider community

You’re not alone in this. Many of our clients share similar data protection issues so we work with the wider data protection community to pool our knowledge and provide you with the best solutions on an ongoing basis.


We are members of the International Association of Privacy ProfessionalsData Protection Forum, Information & Records Management Society and the National Association of Data Protection Officers.


We attend industry events arranged by the ICO and World Data Protection Forum and are proud to be engaged with the Data Engineering and AI communities working together with them to build privacy solutions into our digital and AI futures.


We work with a range of partners and associated specialist companies who offer:


  • Legal advice on GDPR –revision of contracts and HR requirements
  • Technology companies providing software solutions for compliance
  • Specialist sector partners to build online training courses for medical practices, clubs, tech start-ups
  • IT Security & Cyber Security solutions
  • Insurance protection for GDPR against Data & Cyber Breaches




We keep Data Protection SIMPLEOur approach is SMART.


We do the legwork.  So you don’t have to.

Everything you need.  Nothing you don’t.



Be Data Smart. Be GDPR Compliant. Data Protection is here to stay.


Karen Heaton

Karen founded Data Protection 4 Business to provide hands-on  implementation services and training to help SME’s become and maintain compliance with the new EU General Data Protection Regulations and UK Data Protection Act, which came into force in May 2018.


With a background in Financial Services and Technology, Karen has over 20 years of business, change management and systems implementation experience in the UK, Europe, Australasia and the Caribbean.


Karen has been responsible for managing multi £m change and regulatory projects embedding new technology, data and operational processess into a variety of Banks, Wealth Managers and SME’s.


Awarded a Distinction in her MBA, Karen is a Certified Information Privacy Professional Europe (CIPP/E) and Certified Information Privacy Manager (CIPM).  In addition, she holds practitioner certifications in: Programme Management (MSP);  Project Management (PMP & Prince2).  Karen is also a Fellow of the Chartered Management Institute and has published a study on software projects.