Selected Press Releases


Next Steps
Press Releases

GDPR Local Partners with IRI to Strengthen GDPR Compliance

UK Consultancy and ISV Align Services and Software to Document and Protect EU Citizen Data

Brighton, UK - November 28, 2023 -- GDPR Local (, a leading cyber risk consultancy and services provider, and Innovative Routines International (IRI) (, a multi-source data discovery and masking pioneer, have announced a partnership to help customers assess and reduce the risk of data breaches and privacy law violations, particularly those of the General Data Protection Regulation (GDPR) now being enforced throughout the European Union (EU).

GDPR Local offers compliance training, services and a secure online hub for its clients to develop and document critical requirements of the GDPR, such as their Record of Processing Activities (ROPAs), and to comply with Subject Access Requests (SARs). GDPR Local also provides its clients with a rich set of Information Security and Privacy Policies as well as a Data Breach Policy. As compliance SMEs, GDPR Local can also advise on other frameworks including SOC2, ISO 27001, HIPAA, and the CCPA.

IRI provides software and services to discover, deliver, delete, or de-identify sensitive data (like names and numbers, other contact information, and demographic details) in structured, semi-structured, and unstructured sources in on-premise and cloud data silos. Tools like IRI DarkShield use multiple search methods and masking functions to scan and protect (as well as extract and delete) PII in files, documents, images and databases in a variety of formats.

IRI software and services would be used in conjunction with GDPR Local services to effect the multi-source scanning, scoring, remediation and logging required to comply with both GDPR and Information Security policies. Users who can benefit from the combined offerings include:

GDPR Data Collectors, Processors and EU Citizens - GDPR Local provides the documents and training for companies who process EU citizen data to understand how to comply, and support inquiries and investigations under the GDPR. GDPR Local can then refer or implement IRI software to anonymize, pseudonymize, extract, or erase data subject to protections and SARs related to GDPR data portability, rectification and right-to-be-forgotten provisions.

HIPAA Covered Entities and Business Associates - who can use GDPR Local’s managed services to address third-party risk assessment requirements, plus IRI FieldShield to find and de-identify key PHI identifiers to comply with the HIPAA Safe Harbour Rule. FieldShield also scores re-identification risk from remaining PHI quasi-identifiers and further anonymizes them to comply with the Expert Determination Method Rule.

According to GDPR Local CEO Adam Brogden, “companies and their suppliers who collect or process personally identifiable information (PII) and other data ascribed to individuals in the EU are subject to the GDPR requirements, and the sanctions for violations thereof. We’ve partnered with IRI to help our clients go from understanding and documenting GDPR provisions in their businesses, to actually complying with those provisions by classifying, locating, and acting on the data with the protection and proof they need.”


Press Contact:
Ana Mishova,
Luluk Soraya,

Share this page