Sapphire has merged with Spencer West LLP

Sapphire Consulting merged with Spencer West LLP, a leading full service international law firm, in January 2023.

Kristy Gouldsmith is the Data Protection, Privacy and Cybersecurity Partner at Spencer West LLP. 

This website is now an extension of Kristy’s team page:

Be confident with data protection

Straightforward expert advice from Kristy Gouldsmith

Data Protection, Privacy and Cybersecurity Partner at Spencer West LLP


Rest assured that your
data is safe


Understand what you should and shouldn’t do with your data


Know your organisation is compliant with data protection legislation

Work towards GDPR compliance with Kristy Gouldsmith, data protection expert

Data protection can seem daunting if you’re unfamiliar with GDPR. It doesn’t need to be.

As an outsourced data protection officer, I can help you with your compliance, ensure that your organisation’s data is protected and give your team the knowledge that you need to keep it that way. I offer a range of services, from audits and reviews to support services including training, breach management and handling Subject Access Requests.

I have years of experience and I’m also an ISO 27001-certified auditor. Find out about me to learn more about how I can help you.

Some of my clients

Securing and using data can be complicated.

It doesn’t have to be. I can help you to:


Keep your customer, employee, and business data secure


Develop best practices for using data in marketing


Ensure your policies and agreements are up-to-date


Develop a contingency plan in case you suffer a breach


Train your team to use data in the right way


Stay up to date with legislative changes

Doing the right thing with your data shouldn’t be daunting.

With so many laws and regulations surrounding data security and usage, it’s not surprising that most people find it overwhelming. Collecting, sharing, and using data can feel like a minefield without the right knowledge.

I know how complex regulations such as the UK General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communication Regulations (PECR) can seem. 

That’s why I take the time to de-mystify them, so that you’ll know exactly what they mean for your business. I’ll help you identify areas of risk or non-compliance, explain the policies that need to be implemented, and show you how to use your data effectively

I speak in plain English – no technical GDPR jargon.

I know that legal speak can be confusing – that’s why I promise not to use it. I’ll talk you through the process to ensure you know exactly what is going on.

So, got a question about data protection? Just ask. Your first conversation is free.

I offer a complete range of data protection services

Outsourced DPO

Need a data protection officer but lack the in house expertise? My DPO services are a cost-effective solution to GDPR compliance.

Learn more


I’ll train your team with the key facts about data protection in a clear way, providing knowledge that lasts.

Learn more

Support Services

My pay-by-the-hour service means that I’m here to help when you need that little extra support.

Learn more

Audits and Reviews

Is your business GDPR compliant? With my audits & reviews, I’ll assess where you are and recommend changes where needed.

Learn more

I’m here to help, every step of the way


I’ll get to know
your business

I’ll talk about your organisation and discuss your options in a way that makes sense to you.


We’ll make
a plan

I’ll work with you to develop an actionable plan that is tailored to your organisation.


You’ll be

Be secure in the knowledge that you’re doing the right things with your data – and that your whole team is, too.

What my clients say

"Kristy has provided an excellent service to our school. The company acts as our Data Protection Officer (DPO) and in that role has provided clear and authoritative advice regarding policies, helping us to successfully negotiate GDPR. Kristy is very supportive and her response times to individual queries has been superb."

Mike Skelly

Head – Westcliff High School for Boys

"Kristy Gouldsmith was a godsend in helping our business meet and maintain GDPR and DPA 18 compliance. I have found Kristy's knowledge of data protection laws second to none, and I would highly recommend her to anyone in need of assistance in this area."

Lyn Francis

Risk and Compliance Analyst – Beaufort Group

"I find Kristy to be very helpful, with timely and knowledgeable responses to a range of GDPR issues, as well as FOI and other data-related queries. Highly recommended!"

Anthony Sharpe

Head – St Bernard’s High School

"Macildowie has had Kristy Gouldsmith as our Data Protection Officer for three years and we are very happy with her services. In that time, she has always provided a quick response to any issues that we have had. Kristy's advice is pragmatic and practical while at the same time, ensuring that we comply with data protection law."

James Stewart

Chief Operating Officer – Macildowie Associates Recruitment & Retention

"Kristy Gouldsmith offers a stellar service. She is an absolute expert in the field of Data Protection and GDPR. The advice and assistance we have received has always been of the highest quality, prompt and practical. Kristy is a reassuring presence, having taken the time to understand our business and our needs, for us to call on whenever required. Highly recommend."

Ben Jenkins

Director – Spool

I work with organisations in all sectors

Schools and academies

Recruitment consultants

Financial services

Medical facilities

Care homes and providers


SaaS companies


Free guide: 5 common data protection mistakes and how to avoid them

5 mistakes that most organisations make when processing data

And you might too…

Thank you! Your subscription has been confirmed. You'll hear from us soon.