Data Protection Officer

After undertaking a data protection audit for a federation of GP practices and walk in centres, we were appointed as their external data protection officer. Each practice continues to have a data lead. We deal with data protection queries and problems which the data lead may encounter and either requires assistance or a second opinion. Issues have included where there appears to be conflicting guidance on confidentiality and GDPR or Caldecott Principles and GDPR.

We have also drafted data sharing agreements and processor agreements and assisted with a practice merger.


We carried out a full data protection audit for a firm of accountants. We drafted new data protection policies and procedures bespoke to their business.

We provided GDPR training for the partners and staff members. A data protection officer was not required for this business, but we were on hand for 6 months following the work, liaising with their data lead to answer any queries and to ensure smooth implementation of GDPR requirements.

Sourcing new service providers

We were approached by one of our retirement organisations with over 50,000 members to identify a particular product which they wished to offer their members.

We researched the market, identified the key providers and interviewed each one. We carried out due diligence and made a recommendation to the national executive committee. Following our recommendation, the provider was engaged. We handled the legal aspects of the relationship and continue to assist both the service provider and the organisation to develop their relationship.

Creating a members’ benefit scheme

An organisation with 10,000 members approached us to help create a members’ benefit scheme. We worked with their national executive and created a programme of benefits and services which would best suit their membership.

We introduced service providers to the organisation and  handled the legal aspects of the relationship. We worked with the marketing teams providing support and assistance where necessary. The organisation now benefits from an increase in membership and an income from those benefits and services purchased by members.

Training on Confidentiality

We were invited to attend a national conference of mixed faith clergy and to train delegates on the law of confidentiality. The training course was bespoke to the organisation and provided a comprehensive understanding of the law of confidentiality and potential conflict with GDPR, and the Human Rights Act within the framework of the delegates’ professional code.

Throughout the training, delegates were invited to ask questions and discuss issues they had encountered.

At the conclusion of the session, the delegates had a greater understanding of how to overcome the challenges which they could face in the future.

Trustees’ Training

We were contacted by a trustee of a trust to provide training to twenty trustees.

We considered their trust and governance documents, and wrote a bespoke course incorporating case studies relevant to the trust.

The training was interactive and dealt with the trust’s goals, trustee’s duties at common law, statute and trustee’s fiduciary responsibilities. The training also considered factors and criteria which are required in the decision making process.

The use of bespoke case studies ensured the delegates learnt through discussion and examination of different scenarios.

At the end of the training, the trustees had a working knowledge of their duties, responsibilities, and liabilities.

Organisational and Constitutional Issues

A large member organisation asked for advice on restructuring. This required a detailed understanding of the organisation, their aims and vision for the future.

At a number of senior level meetings, we advised on the various structures available, documentation required and the process to be followed. We were able to guide and support the organisation and attend meetings with the organisation and their lawyers.

GDPR Issues

A national charity had been advised to contact all donors to obtain consent to allow the charity to continue to contact them in the future. The charity had been told if they did not have specific consent from the donor, then going forward the charity could no longer contact them.

Only 10% of the charity’s donor list responded to the request, dramatically reducing potential future donations.

The charity’s fundraising officer contacted Affinity Resolutions and after meeting with their senior management we were able to advise that this was incorrect advice in their situation and provide them with a solution to their problem.