Most, companies, hold personal information in the form of employee or customer personal records and therefore those companies must ensure that they are compliant with the GDPR.


For GDPR breaches will incur fines of up to €20 million (or 4% of company turnover).

Marathon offers an advice service to ensure that organisations have the policies, controls, processes and awareness, which will minimise any risk of a regulation breach and prosecution.



Why Marathon?

Marathon’s Information Security Group have vast experience of helping organisations assess the business risks associated with Cyber threats and security breaches through the use of best practice information security policies and procedures.

Our consultants are Cyber Essentials Certified Assessors,ISO 27001(information security standard) and ISO 22301 (business continuity standard) auditors.

Marathon's GDPR Readiness Assessment and Fast Track to Compliance Services

Marathon’s comprehensive approach to GDPR compliance helps to identify the specific risks from this regulation, within your own organisation. Both services are delivered by a senior Marathon Data Protection consultant and aligned with the Information Commissioners Office (ICO) 12 point GDPR readiness checklist. Our aim is to provide a structure for you to quickly get to grips with GDPR and help you establish a regime of Data Protection by design.

Our Consultant works with you to produce a report highlighting the gaps between the company’s current Data Protection practices, when benchmarked the GDPR. The consultant can the present the report to board or senior management teams, to discuss how gaps can be prevented and mitigate any Data Protection compliance risks, that the company is exposed to.

Scope of Service

  • Identify current activities that are regulated by the GDPR
  • Ensure that the personal data being gathered is justifiable
  • Ensure that personal data is being processed correctly, when relating to the justification
  • Securing personal and sensitive information
  • Handling requests for information and understanding data subject rights
  • Controlling access to personal information
  • Ensuring that adequate levels of transparency and privacy are in place
  • Ensuring accuracy and currency of information
  • Training and awareness relating to Data Protection compliance
  • Breach management


Typically the Data Protection workshop will take one day, with the report taking 2 days to produce an the GDPR Readiness workshop will take up to half a day. The reporting for both services can take up to 3 days, depending on the size and complexity of data protection exposure, across the organisation.

Download the data sheet or contact the team at Marathon for more information.

Other Services

Marathon’s Information Security practice offer a number of valuable certification and enablement services including:

  • Cyber Essentials Enablement
  • ISO 27001 Auditing
  • ISO 22301 Auditing
  • Information Security Reviews