Kate Fitzgerald Consulting
Plain English GDPR Support – Helping Arts Organisations Use Data Confidently
Kate Fitzgerald Consulting Limited supports arts, cultural, and not‑for‑profit organisations to build confidence in how they manage personal data, ensuring compliance with data protection legislation is practical, proportionate, and embedded in day‑to‑day operations.
With direct experience of working within venues, Kate understands how arts and cultural organisations actually use data across ticketing, marketing, fundraising, and audience engagement. This insight means advice is grounded in real‑world practice — not theory.
At the same time, a core focus of the consultancy is demystifying GDPR. Guidance is delivered in plain English, stripped of jargon, and tailored to your organisation, helping teams understand what data protection really means in their context and how to apply it confidently.
What we help you achieve
- Clear, confident use of personal data within CRM and ticketing systems such as Spektrix
- Practical compliance with UK GDPR and data protection legislation
- Reduced risk of data breaches, complaints, and regulatory issues
- Strong internal understanding and ownership of data protection
- Policies and processes that reflect how your organisation actually works
Services and expertise
Kate Fitzgerald Consulting Limited provides tailored data protection support, including:
- Data Protection Audits – identifying risks, gaps and priority actions
- ROPA Development – hands‑on support to map and document processing activities
- Training (in‑person and online) – from organisation‑wide awareness sessions to targeted departmental workshops
- Privacy Policy Review and Development – ensuring policies accurately reflect system use and data flows
- Advisory Support – practical guidance on consent, legitimate interests, and soft opt‑in
- Internal Policy Review – updating and aligning policies with current legislation and real‑world practice
- DPIAs and LIAs – templates and support to assess risk and document decision‑making
- Ongoing Support – flexible advisory input on day‑to‑day data protection queries, breaches, and SARs
Common use cases and pain points
- Uncertainty around marketing permissions, consent, and soft opt‑in
- Ensuring CRM and ticketing data is used compliantly and confidently
- Lack of clarity around how personal data flows across departments
- Outdated or inconsistent policies
- Limited internal confidence in handling breaches or subject access requests
- Need for clear documentation to demonstrate accountability
What makes us different
- Venue experience – understands how arts and cultural organisations actually operate
- Plain English approach – GDPR explained in a way teams can understand and use
- Practical and proportionate – focused on what works in real organisations
- Hands‑on delivery – supporting implementation, not just providing advice
- Organisation‑specific – guidance tailored to your systems, teams, and activities