Data Protection for your industry

Pharmaceutical, Medicine and Medical

Statistically, this industry is the largest offender on a global scale when it comes to patient data protection, and we are well positioned to provide all the data protection expertise, services and solutions needed to protect sensitive patient data against a backdrop of global laws and health regulations. Patients expect the privacy of the patient-doctor relationship to be continual and safe, and the physician-patient privilege to be binding. Because it is patient data, it is considered sensitive information by most global laws. We provide industry-specific assistance with global Health Information Acts (HIPAA, HITECH, HIPA, PIPEDA etc.) and the management of Personal Data as it relates to entities governed within this scope.

In the 3 months from July to September 2018, Australian Health Providers had 45 Notifiable Data Breaches under the new NDB Scheme. In July 2018, a Portuguese hospital was fined 400.000 € for failing to secure Personal Data correctly.

Banking, Financial Services & Insurance

Usually the most highly regulated of any industry in the world, this sector is nonetheless a worthy target for would-be criminals, particularly in the areas of Fraud and Identity Theft. It traditionally has been, and that doesn't look like abating any time soon. Data Protection starts with clean, clear policy and ownership of the systems, issues and processing. Integration of concise processing management with our existing processes is the key to success, and our world class GRC will keep the regulators satisfied and the auditors wondering what to do next. Your customers and shareholders will also thank you. We provide industry-specific assistance for Finance, Insurance, and Superannuation together with PCI-DSS compliance support, including the new APRA regulations effective 1st July 2019.

In September 2018, Bupa Insurance Services Limited (Bupa) was fined £175,000 by the Information Commissioner’s Office (ICO) for failing to have effective security measures in place to protect customers’ personal information.


This is an industry that is guaranteed many new data subjects year after year. Then comes the ongoing management of that personal data. Our GRC has comprehensive data subject and record management built to international standards. Student data is now more than simply marks, grades and exam results; it is the student life-cycle, including housing, finance and care. We provide educational institution Data Protection assistance and support in relation to federal and state general privacy regulation and specifics such as FERPA and Institutional Review Board requirements to ensure information privacy.

Educational institutions are the third most frequently targeted institution type, and their data breaches doubled in the first 6 months of 2017. Stanford Graduate School exposes 14 terabytes of financial aid applications and the Medical College of Wisconsin compromises patient data.

Utilities, Telcos & Energy

Usually a soft target for criminals, this sector has a growing number of stories that all seem to culminate in a disaster for a consumer. Poor staff training seems to be the message that the regulators are delivering here. It won't be a message forever; it will become large fines and greater churn. Our GRC will ensure that your staff are kept trained and in the loop about changes to policy and process all the time.

Swiss telecoms giant Swisscom has admitted that it suffered a serious security breach in the autumn of 2017 that saw the theft of contact details of approximately 800,000 customers – most of whom were mobile subscribers.

Local, State and Federal Government Agencies

Political privacy in an age of democracy is torn between the digital economies of scale of cost-effective processing and the need for surety of identity and "one person, one vote" in voting systems, while maintaining anonymity in the "Secret Ballot".

Our GRC is designed to allow Government entities to split between being a Public Authority and a Public Authority with Commercial Interests. Sensitive Personal Information (SPI), Personally Identifiable Information (PII) and Personal Data (PD) will in most cases be managed differently and have different legislation applied to them, subject to the designed use and the user's capacity. The GRC can manage the same data with different delegations and purposes (of use). It will map and manage processes based on the purpose in a seamless and easy-to-use manner, offering greater assurances to your citizens.

In September 2017, the US Securities and Exchange Commission publicly revealed that a software vulnerability in the Commission’s corporate filing system resulted in hackers gaining access to non-public trading information.

Hospitality and Tourism

As far back as 1995, the United States Department of Commerce created the International Safe Harbor Privacy Principles in response to the EU's 1995 Directive on Data Protection, all to ensure that passenger name records could flow between the US and the EU with adequate privacy protection.

Dealing with the public on a face-to-face basis and handling critical documents like passports and other identity documents presents its own unique risks. These documents, together with credit cards, are usually required when you check into a hotel. So how your organization maintains rigor around these highly confidential and most highly prized identity theft targets will determine the level of trust that your guests and shareholders have. Both determine your organizational worth. We provide unparalleled Data Protection controls to ensure that you are not left facing a multi-billion dollar lawsuit.

December 2018, Marriott says 500 million Starwood guest records stolen in massive data breach. Starwood Hotels has confirmed its hotel guest database of about 500 million customers has been stolen in a data breach.


Contact Us

This form is for general inquiries. If you are emailing about an existing case regarding a client that we represent, please reply to any of the email communications that you may have received from us about your matter. If you want to lodge a data subject request with a client that we represent, please visit the Data Subject Request form. You will need to know the Membership ID of the company that you would like to service your request. This information must be published on the contact page of our member's website and in their Privacy Policy or Collection Statement.

If you wish to lodge a Data Subject Request regarding our service, our GDPMS ID is UK440000. Only use this code if the request is to be handled by us, that is, if it concerns information we have about you. If you would like to read our Privacy Policy and Collection Statement.










Maizieres Les Metz


Cirie TO



United Kingdom

71-75 Shelton Street

Covent Garden


+44 20 7442-5785

(207) 442-5785

United States

Suite 3377

304 S. Jones BLVD

Las Vegas NV 89107

+1 85 5577-8682

(US/Canada Toll-Free)








Full Service Regions


PO Box 834


NSW 2057

+61 4 6621-2726

(04) 6621-2726


© 2010 - 2019 SPTG LLC, GDPR Forensic Limited. All rights reserved.

Data Protection*Services and are Trademarks of GDPR Forensic Limited (UK) and associated companies.

All prices on this website are EUR/EURO "€" unless otherwise stated.

The star logo and the DPO and CA seals are Trademarks of GDPR Forensic Limited; unauthorised use is prohibited.