Marathon provide consultancy services to address the business, legal, financial and regulatory risks associated with Information Security including Cybercrime and Data Protection.

Our services are designed to help clients understand their exposure to risks and the potential impact of those risks within the context of their organisations. We also provide guidance aimed at reducing risk, and work with our clients to ensure that their policies and controls adhere to appropriate regulation and drive compliance, education and awareness throughout their organisations.

GDPR Readiness Assessment Service

Marathon’s GDPR Readiness Assessment Service is aligned to UK regulator’s (ICO) own advice on how UK organisations should prepare and get ready for when the GDPR becomes law on the 25th May 2018.

The Information Commissioners Office (ICO), have identified 12 key areas of GDPR which is the focus for Readiness Assessment workshop which is included in the service.

Marathon also include additional analysis for other key areas of GDPR including business risk and information security.

What's Included?

Areas covered by Readiness Assessment Service:

1. The organisational risks and potential Impact of GDPR
2. Scope of GDPR
3. Which Personal Information is out of scope
4. The New principles of GDPR and the Legal Basis for processing personal information
5. Communicating Privacy Information under GDPR
6. New GDPR rules for Consent
7. Individuals Rights
8. Transferring Personal Information Internationally
9. Information Security for Personal data
10. Handling special category personal data
11. Processing Children’s Data
12. Identifying personal data
13. Data Protection Hygiene and Next Steps

What are the objectives of the Readiness Assessment Service?

  • To provide a one time, all-inclusive session for all the key stakeholders to quickly get to grips with GDPR
  • Helps to identify the specific risks that GDPR brings in the context of each organisation
  • Helps to establish a GDPR program of work or project
  • Helps to establish a regime of Data Protection by design

Why Marathon?

Marathon’s Information Security Group have vast experience of helping organisations assess the business risks associated with Cyber threats and security breaches through the use of best practice information security policies and procedures.

Our consultants are Cyber Essentials Certified Assessors, GDPR Practitioners, ISO 27001 (information security standard) and ISO 22301 (business continuity standard) auditors.


Typically the Data Protection workshop will take one day, with the ongoing days being dependant on the size and complexity of the organisation in terms of their Data Protection exposure.

Other Services

Marathon’s Information Security practice offer a number of valuable certification and enablement services including:

  • Cyber Essentials Enablement
  • ISO 27001 Auditing
  • ISO 22301 Auditing
  • Information Security Reviews