GDPR Systems – Working with franchisors and franchisees to protect their brand

We are franchising specialists when it comes to data protection.

Our clients are franchisors and their franchisees and we work closely with both to ensure that they are meeting their legal requirements.

By and large franchisors tend to get to a certain level with their own data protection and, as the legal responsibility for data protection lies with the franchisee, the franchisor will tend to leave them to sort out their own.

Franchisees are normally very busy growing their business and they often think that the responsibility for data protection lies with the franchisor.

For the ones that do realise it is their responsibility, they often need some help as to what needs to be done. Put simply – a privacy policy simply doesn’t cut it!

Want to know more? Give us a call or email us on Tel:01865 600 410 |

What’s Involved?

Our process is very simple:

1) We set up you as the franchisor with your own GDPR Management System

2) We arrange one to one consultancy sessions with you and your team to educate you about data protection, and complete your system/s so that you can demonstrate and manage your own legal responsibilities

3) We set up every franchisee with their own GDPR management system/s

4) We arrange ongoing one to one consultancy sessions with EVERY franchisee to educate them about data protection and complete their system so that they can demonstrate and manage their legal responsibilities

5) We then work with you to create your own GDPR overview system which gives you a bespoke view of your WHOLE network – you can see potential risks, support your franchisees, report accurately to the board and provide additional value to your network

How does this benefit you and your franchisees?

  • Saves you time. Making sure each franchisee is meeting their legal requirements is a lengthy and time-consuming process. 

We do all that work for you

  • Gives you Understanding. Our process makes sure that you are aware of EXACTLY what is going on with your data across the WHOLE business AND your franchisees understand as well.
  • Identification of risks. As we are speaking to all of your franchisees we will be able to identify risks to your brand that you never even knew existed.
  • Instant reporting. Once your franchisees are up to speed with the system/s you will be able to activate your management overview system. This means that you will be able to audit/report/identify risks/manage at the touch of a button.

This leaves you more time for your franchisee to run their business and make more money for them and you

  • Unique added value consultancy. As we work one to one with your and each of your franchisees, you essentially get a one to one consultancy service – at no additional cost to you.

Who do we work with?


Asset Lists

A key part of the GDPR is knowing where personal data sits in your organisation. Our OFFICE system enables you to create comprehensive asset lists of both digital and non-digital assets which serve as the bedrock of your data protection accountability. For CCTV the system enables you to document all of your cameras and storage devices (NVR/DVR) in a simple and logical manner.

Data Flows

Understanding how personal data flows through your organisation is a critical component of the GDPR and for most of our clients it is the most challenging!

With our systems you will be able to document where you get your personal data from, where it goes internally and ultimately where you send it thereby understanding in great detail the complete eco system of data flows that your organisation undertakes.


Assets are key – but your people are more important. Both OFFICE and CCTV systems enable you to document all personnel who have access to personal data both inside and outside of your organisation. We then ask you to assign each person to the relevant asset as this ensures that you have a record of accountability which can easily be traced should the need arise.

Personal Data

Knowing what personal data you process is absolutely critical to your GDPR accountability and transparency. You will be able to assign which personal data is linked to each asset AND tie it in with the relevant person that has access to it.

Lawful Bases

For each use of personal data you are required by law to choose an appropriate lawful basis in order to process correctly. Our systems enable you to choose simply and easily which basis you deem as the most appropriate – and then provide evidence of this choice.

Digital Security Gap Analysis

Knowing where to focus your attention is key to your ongoing data protection responsibilities. Our simple traffic light system enables you to see at a glance where the key security issues lie thus enabling you to prioritise which of your systems need immediate attention.

Supplier Management

If your organisation is a data processor or joint data controller, you will be required to evidence that you have all relevant contracts in place with your data controller.

If you are a data controller you will need to be able to evidence that you have documentation in place which informs all of your suppliers what you expect from them and/or what they have in place from a GDPR perspective.

Our systems enable you to upload the relevant contracts  for your ease and convenience.


For ease of reporting to senior management or your supervisory authority we have created 3 reports for your benefit.

  • Accountability – Engaging with the GDPR creates a lot of information – this report distils that information into relevant summaries of the key information required – it identifies your inbound and outbound data flows and includes each use of personal data, which data is included, your purpose for using it,  your chosen lawful basis, your retention period and where you send the data.
  • Gap Analysis – being able to see at a glance where the gaps are in your OFFICE system as a whole is critical to the smooth ongoing management of your GDPR responsibilities. Our Gap Analysis report enables you to see which assets need attention, which personnel need assigning and which personal data fields need attention.
  • Personal Data Locator – when a request for information comes into your organisation, you need to be able to move quickly to answer the request or question. The Personal Data Locator report will tell you where each type of personal data that your organisation processes is held or used. This could be on an asset or in a data flow. You can also choose to only find data that relates to children should you need to.


  •  Creation – One of the key responsibilities that your organisation has is to have up to date relevant policies and procedures. Each of our systems gives you bespoke documentation which includes a breach management policy and procedure, subject access request documentation, privacy policy and for CCTV a public notice document. All documentation is updated automatically as you use the system so you don’t have to worry about trawling through old paper documents to try and update them every year!
  • Upload – Of course you may have already spent lots of money on having your own documents written so we give you a place to store all of your relevant data protection documentation so that you don’t have to move the water cooler to find the policy you are looking for!

Unlimited Users

There are different people with different levels of access to personal data within your organisation. Some will need access to your OFFICE or CCTV GDPR System and others won’t even know it exists! We don’t want you to be hamstrung by this, so you have the opportunity to add unlimited users to enable you to demonstrate full transparency and accountability. You can even add outside suppliers to the system (IT company for example) so that they can populate the system with the information you pay them to know and then you can delete them afterwards.

Bespoke Management overview Facility

If your organisation has many different locations or departments it represents a data protection management nightmare. This system enables your DPO or organisations lead on data protection to access, view and report at a granular level on your organisation as a whole whilst being able to drill down to each site’s specific progress with their data protection responsibilities.

Want to know more? Give us a call or email us on Tel:01865 600 410 |