Independent consultant · England & Wales

Security and compliance that works for people, not just auditors.

I help small businesses and charities get their cyber security and data protection in order — without drowning in jargon, overpaying for templates, or ending up with a folder nobody ever opens again.

You might be looking for help if…


First conversation is always free. No pitch, no obligation — just a chance to talk through what you need.

Qualified Data Protection Officer · Cyber Essentials & IASME · NHS DSPT Accreditation · European-first where it matters · 30+ years' hands-on experience

Four things I can genuinely help with

Everything is bespoke — written and built for your organisation, not copied from a template. If it has your logo on something someone else wrote, it didn't come from me.

Cyber Essentials, IASME & NHS DSPT

I help organisations prepare for and achieve all three accreditations. Whether it's Cyber Essentials for a small business, IASME for a charity, or NHS DSPT for a small-business health-sector supplier, I'll guide you through what's genuinely required and make sure you understand what you've achieved — not just that you've achieved it. I do not do shelfware.

Talk to me about accreditation →

UK GDPR & Data Protection

As a qualified DPO, I can review your compliance, run DPIAs (privacy risk assessments) with you, and build practices your team will actually follow — explained in plain English from start to finish. I can also act as your outsourced DPO to keep your costs reasonable.

Talk to me about data protection →

Efficient & Secure Systems Design

Building something new, or reviewing what you've got? Getting security right at the start is far cheaper than patching it later. I'll help you ask the right questions — including of the people selling you things.

Talk to me about system design →

Technical Consultancy And Cost Reduction

Extensive hands-on experience across MySQL, MariaDB, and PostgreSQL (my current go-to platforms), as well as Oracle and SQL Server going back over thirty years. Slow databases, unreliable or expensive infrastructure, or needing someone who can bridge technical and non-technical teams — I've been doing this since 1990.

Talk to me about technical problems →

Is anyone actually looking after your servers?

Many small organisations are running on infrastructure that nobody fully understands anymore. That's more common than you'd think — and more fragile than it looks.

I don't offer ongoing managed support — it doesn't suit a solo consultant, and it tends to create dependency rather than solve problems. Instead I work with you for a defined engagement, make sense of what you have, and leave you genuinely better informed and more capable than before.

This kind of work also connects directly to your Cyber Essentials and GDPR compliance. You can't secure infrastructure you don't understand, and you can't protect data you haven't mapped.

All engagements are fixed scope. We agree what I'll do and what it costs before I start. No retainer, no surprises.

Fixed scope

Infrastructure audit & documentation

Map what you're running, document it properly, and get an honest assessment of where the risks are — including whether your backups have ever actually been tested.
Spoiler: most backups are not, and never have been, tested!

Fixed scope

Operations capability review

Build simple, practical processes your team will actually follow — patching schedules, monitoring, recovery procedures. Proportionate to your size and realistic about your capacity.

Advisory

Procurement & migration guidance

About to buy a new system or move to the cloud? The decisions you make now will affect you for years. I can sit alongside you and help you ask the questions vendors would rather you didn't.

Most organisations haven't thought about this carefully. Many should.

Using US-based cloud services isn't automatically a problem — but it has implications under UK GDPR that are worth understanding.

A lot of small businesses and charities are running on a mix of American cloud tools — file storage, email, analytics, CRM — without realising this may create data transfer obligations they haven't addressed. The restrictions on transferring personal data to third countries catch many organisations out simply because they signed up for something useful without thinking it through.

For organisations handling medical records, legal information, or data about vulnerable people, this is worth taking seriously. For others, it might just mean better documentation. I'll help you understand your actual position — not give you a generic answer.

I'm not suggesting you rip out every American tool you use. I'm suggesting you make those choices deliberately, knowing what they mean.

I use European-hosted and open source tools in my own work wherever practical, and I'll advocate the same when it makes sense for you. Where it doesn't, I'll help you put the right safeguards in place instead.

European & open source alternatives worth knowing

Files & collaboration

Nextcloud · Murena · Tresorit · Seafile

Email & calendar

Proton Mail · Tutanota · Infomaniak Mail · Mailcow

Web analytics

Matomo · Plausible · Fathom

Hosting & infrastructure

IONOS · OVHcloud · Hetzner · Fasthosts

Video & messaging

Jitsi · Element / Matrix · BigBlueButton

Highlighted are tools I use or have recommended. Others are worth evaluating for your situation.

A few things worth knowing before you get in touch

There's no shortage of consultancies selling compliance packages. Here's what makes working with me a bit different.

01

Always bespoke

Everything is written for your organisation. If it has your logo on a template someone else wrote, it didn't come from me.

02

Plain English

Legal obligations explained so your team actually understands them — not buried in clauses nobody will ever read.

03

Honest advice

I'll tell you what genuinely needs doing and what doesn't. Maximising my hours isn't the goal. Solving your problem is.

04

Fixed scope

Most work is agreed in scope and price upfront. You know exactly what you're getting. No retainer, no surprises.

05

European-first

Where technology choices are part of the conversation, I'll always consider where your data lives and what that means for your obligations.

06

Straight about limits

I work on my own. If you need 24/7 support or guaranteed SLAs, I'll say so upfront and point you somewhere that can actually deliver it.

Scott Taylor
  • IBITGQ EU GDPR Foundation & Practitioner
  • Qualified Data Protection Officer
  • Cyber Essentials Accreditation Specialist
  • IASME Accreditation Specialist
  • NHS DSPT Accreditation Specialist
  • MySQL, MariaDB & PostgreSQL (current)
  • Oracle & SQL Server (20+ years)
  • Based in Shropshire, England

I've been untangling technical problems since 1991

I started out as an Oracle DBA — the person who got called when a building society's systems went down, or when a financial firm's databases were so slow that nobody could do their job. That work taught me something early on: the technical problem is rarely just a technical problem. There are always people behind it, and they're usually the most important part.

After over two decades working at the database and systems layer — including at West Bromwich Building Society, Wesleyan Assurance, and Experian — I moved into information security and data protection. My database work has continued in parallel, these days primarily with MySQL, MariaDB, and PostgreSQL. Since 2018 I've been working independently through Introvision Designs, helping smaller organisations with Cyber Essentials, IASME, NHS DSPT, and UK GDPR.

"Compliance done properly is genuinely good for your organisation. My job is to help you get there without losing the will to live in the process."

I work with smaller organisations because that's where good advice makes the most difference. I use open source software in my own work, advocate for repairable technology, and am gradually reducing my own dependence on large US platforms — a work in progress, as these things tend to be.

The first conversation is free — no pitch, no pressure

I work across England, Wales and Scotland with small businesses and charities. Not sure if I'm the right fit? Get in touch anyway — I'll be straight with you if someone else would serve you better.