Ian Grey. WADIFF ConsultingI help companies with Information and Cyber Security, this includes compliance with data protection and other relevant legislation. I work with you to manage all the security risks to your business – cyber, electronic and paper records, people, process, legislation, physical access and business continuity. WADIFF Consulting is backed up by a wider team of experienced professionals that provide specialist security and process related services to all types of businesses.

With more than 25 years experience in IT and technical areas, and holding board level posts for ensuring effective security and data compliance measures are in place, I have the background and real world experience to help your company address all types of security risks to reduce the likelihood of a security breach that incurs financial losses and reputational damage, and could put you out of business.

An item that should be at the top of the agenda for companies is the introduction of the General Data Protection Regulation (GDPR). This starts to be enforced in May 2018, when it will replace the Data Protection Act. It gives companies the opportunity to review legacy processes and systems to ensure they are fit for purpose for processing personal data. Am I a ‘GDPR Expert’? No, I don’t believe these exist as the GDPR is not in force yet. Experience from managing projects over many years in the private and public sectors that process large amounts of personal data, being an ex-Operations Director and being involved in GDPR discussions and work since early 2016 gives me a background that can help prepare companies for May 2018.

Heard any of the following – then we can help.

  • We need to prepare for the the GDPR but are not sure how this should be done (hint: it’s mainly about processes, IT supports this)
  • We need to prove that we are secure to win a big piece of new business, but I am not sure of the best way to do this
  • Business Continuity – we have a plan somewhere, but we have never tested it
  • Senior management want to know that we are not spending money on IT security that doesn’t give real benefits
  • The IT guys say we are secure, but they cannot give staff a list of things they need to look out for
  • I am not sure how quickly we could recover if a virus got onto our network
  • Our security training doesn’t cover the use of personal mobile phones or phishing emails that have hit other firms
  • We need to get Cyber Essentials (or ISO27001) certification, but I am not sure of the best way to do this
  • How can someone just walk into the office and take one of the desktops
  • We think someone has copied our website
  • It’s a constant battle to keep up to date with security issues and we don’t have the resources to do it
  • How come we keep losing pitches as we are slightly more expensive. Do our competitors know what we are doing


Achievements include:

  • Helping commercial and not-for-profit and obtain ISO27001:2013 certification
  • Leading work to obtain ISO27001:2013 and maintain certification for a leading Communications Agency. I am a certified ISO27001:2013 Lead Auditor (CIS LA 2013) and member of the UK Cyber Security Forum
  • Implementing project management processes based on PRINCE2 and Agile
  • Managing Client Services and Project Management teams
  • Managing website builds for clients including Balfour Beatty, Barclays, FIFA, Tesco and Thomson Reuters. Managing intranet builds for clients including the Department for Transport
  • Developing an eRecruitment product widely used in the public sector
  • Implementing Content Management solutions for global publishers

Get in touch
e: ian.grey@wadiff-consulting.co.uk
t: +44 (0)7941 188462

Summary of Business Areas/Solutions
Communication and Digital agencies
General Insurance (Home and Motor) & Reinsurance
Information Security and Data compliance
Internet and Intranet sites
Investor Relations and Financial sector
Online Publishing
Public Sector – Central and Local Government, NGOs, eGovernment and eRecruitment