Ufford Park

A family-run hotel, golf and spa resort in Suffolk, Ufford Park felt unprepared for the GDPR and asked the DPO Centre for assistance. Particular concerns included improving staff awareness, updating policy documentation, recording consent for marketing activities, reducing extensive, duplicated paper records and managing their CCTV system.


  • Managing Consent
  • Data Minimisation
  • Managing CCTC Records


Initially the DPO Centre provided staff training to improve understanding and awareness of Data Protection practices both for management and data facing staff. Individual data sets were then identified through a data mapping exercise and high-risk data was subjected to an Impact Assessment process. The DPO Centre then developed an action plan for Ufford Park’s staff to address the main compliance shortfalls.

Josie Hopps, H&S/Development Manager, says: says: “From the start we have had a brilliant experience working with The DPO Centre and our primary point of contact. Everything has been clearly explained at every stage of the process.”


By addressing high risk areas and then continuing to manage and improve their own processes in line with the DPO Centre’s recommendations, Ufford Park has greatly improved its data protection practices.

Josie continues: “ I have felt really supported throughout the work with The DPO Centre and the coherent action plan which was created to ensure we had a strategy that best worked for our business. We have recently launched our new website and it’s been great to incorporate the recommendations raised by Matt to ensure we are working in line with the GDPR.”

“I cannot recommend The DPO Centre enough; from start to finish the process has been simple and the whole team here at Ufford Park Hotel have felt informed and supported with the suggested changes and improvements.”

Ufford Park

Download a PDF version of this case study here.

December 20, 2018
Ufford Park

Ufford Park