Apr 29, 2021 | Blog, Cyber Security, GDPR, ISO, PCI DSS

Happy third Birthday

Howard Freeman

Howard Freeman

For many new businesses, celebrating a happy third birthday is a key milestone. However, reaching three years is not easy to achieve. This week we celebrated our third birthday and we had the opportunity to sit and discuss what we did well and also what we did wrong. Perhaps right and wrong is not entirely accurate, better might be a more suitable word.

GDPR Compliance
A celebration with some of the team and a wonderful cake…mmmmm

The Beginning

The GDPR Compliance Consultancy was first conceived as an idea in late 2017. The major security vendors and automation businesses went crazy telling anyone who cared to listen that they had a sliver bullet to solve the GDPR problem. The real truth of the matter was that no one really understood the GDPR. Therefore, we elected to set out to understand the regulation from a risk perspective. By helping business manage data in a sensible, proportionate manner and with appropriate controls in place, we delivered peace of mind to SME’s.

My role at the time was to sell a security solution that was at best, a nice to have. However the solution was not business critical. However, the driver for the interest in the product was the forthcoming GDPR. As a result, during demonstrations of the product the conversations often turned to GDPR compliance. All it achieved was to close the gap between between the time of a breach and becoming aware if it to almost zero. As the regulation only required notification of a breach within 72 hours, the solution didn’t actually deliver compliance.

It was clear to me that there was a market for my services. Based on my data protection and regulation experience, I know I could help SME’s. The preparations were made, the company was formed and the business plan written. The latter would not survive for long as the market behaved differently than first expected but that is often the case. I then built our first web site.

The Launch

I finally took the plunge in late April of 2018. The timing wasn’t great as GDPR enforcement was just a month away. Many people said to me that I was too late entering the market. However, I persisted via referral networking and improving the SEO of the web site and the business started to build. We even did a free compliance pack for a local church which led to three superb referrals. We were off and running.

Building the Business

On leaving the corporate world meant there would not be a payslip at the end of every month. If I wanted to be paid, then I had to start winning business. As we started with almost no investment whatsoever, building the pipeline and sales was critical. To do this, we needed to talk to people about our offer. With no advertising budget, referral networking was the answer. I discovered Business over Breakfast (BoB) and Ian Morgan helped us a great deal and brought customers to us as well as spreading the word about us. We looked at other networks who shall remain nameless but our journey inevitably led us to the world leading BNI. Since then, we never looked back. BNI has been incredibly supportive and not only did we find clients within the group, but outside also. As we worked within BNI, we acquired clients all over the country and this helped drive our growth.

On the anniversary of our first year we won our biggest client at that time and it was a wonderful happy birthday. We would celebrate our second birthday in lockdown and in the strangest business environment ever experienced. However, it would be a happy birthday as the business continued its growth. This time it wasn’t just GDPR that helped fuel it.

Adding Services to the Portfolio

In year 2 it became clear that we had so much more to offer our clients and that they wanted us to provide. ISO accreditation was an often asked for service. Therefore, we carried out market research to assess the viability versus the required investment. We would go on to invest in training and people to cover five ISO accreditations and deliver certification for businesses. Other services includes Cyber Essentials, PCI DSS and Cyber Security Consulting. Cyber Essentials Plus is on the way as is IASME Gold Standard.

The Lesson

In arriving at our third birthday we looked back at the mistakes we made. We spent money on some advertising which simply didn’t work and was never going to. The referral networking groups that had hobby businesses in them or simply lack the structure to drive business. We joined the FSB and various chambers of commerce helped us along the way with small but important contributions. However, the most successful marketing we invested in was our web site for producing leads. We ensured that all pages were strong in SEO and we blogged twice a week. We ensured we used strong keywords and the articles were shared across social media in business interest groups and various platforms.

Talk to us

If you would like to know more about GDPR compliance then you can contact us on 03333 22 1011 or via our web site here. Alternatively you can book your free GDPR consultation directly with one of the the team here.


Can we help?