Privacy Notice

GGI sees the General Data Protection Regulation, known as GDPR, as an opportunity for you to have more control over how your data is used. The regulation helps to better protect your personal data and allows you to access the information on file faster and more effectively.

We are strongly committed to protecting personal data and will ensure your information is confidential. This privacy statement describes why and how we collect and use personal data, and provides information about your individual rights. This applies to personal data provided to us, both by you or by others. We may use the personal data provided to us for any of the purposes described in this privacy statement, as contractually agreed, or as stated at the point of collection.

Personal data is any information relating to you. GGI collects and processes personal data for two reasons: as part of a contractual relationship or to keep you informed on events, reports and announcements. When collecting and using your personal data, our policy is to be transparent about why and how we process that data.

Types of data we collect and process

We collect information in cases where there is a contractual relationship to deliver a programme of work, and we need to process personal data to comply with our obligations under the contract. Additionally, information is collected when we are asked to provide a proposal for work which may include email addresses.

At GGI, knowledge sharing forms an important component of our work, enabling us to share our expertise, experience and learning. Our tools, resources and events focus on best practice across various sectors, supporting organisations to improve governance practice and creating opportunities for partners to connect and share learning. We collect personal data which includes email addresses, job titles and employer information, in order to keep people informed of news about our events, resources and learning opportunities, as well as to ensure our records are right, which will involve verifying every now and then that you are happy for us to continue to store your information.

For visits on our website,, we use a third-party service, Google Analytics, to collect standard internet log information and visitor patterns. We do this to find out the number of visitors to the various parts of the site, for example; however, this information is processed in a way that does not identify anyone. Neither GGI nor Google collect any information related to the identity of those visiting our website.


Cookies are small files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

How do I change cookie settings?

You can change your cookie preferences at any time by changing your browser settings. You may need to refresh your page for your settings to take effect.

Alternatively, most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit

Find out how to manage cookies on popular browsers:

Data storage

We ensure the security of all the personal data that we have on record through the use of the data storage system Drupal CiviCRM, which is hosted in the European Union on a secure certificated server. Additionally, we have a framework of policies, procedures and training in place that address data protection, confidentiality, security, and regular review of the measures we employ to keep data secure. We (GGI Development and Research LLP) are registered with the Information Commissioner’s Office, ICO (Registration number: ZA077038), and we are also registered with NHS Digital (our organisational code is 8K008) for the Data Security and Protection Toolkit.

Our Staff

It is essential to GGI that our staff understand the importance of protecting personal data and apply the organisation’s privacy policy. We provide appropriate training to ensure that staff employ secure IT methods in the collection of data and that they comply to the Data Protection Act.

Data controller and contact information

Please contact Ged Barker if you have any questions about this privacy statement, including how and why we process personal data:

Ged Barker
GGI Development and Research LLP
A401 Neo Bankside,
50 Holland Street,
London, SE1 9FU

Your rights

The introduction of GDPR ensures that it is the responsibility of GGI as a data controller to enable you to have access and control over your personal data.

If you wish to see full details of the information we have on file, you can make a subject access request under the General Data Protection Regulations to

To update personal data we are holding or to withdraw consent, you may email us at, and we will promptly amend any information found to be incorrect or remove any personal information from our system.

Changes to this privacy statement

At GGI, ensuring your personal data is kept secure is seen as an ongoing responsibility, therefore we will keep this privacy statement under regular review. This privacy statement was last updated on 14 November 2023.


If you are unhappy about our use of your personal data, please send us an email with the details of your complaint to, and we will respond promptly. You also have the right to lodge a complaint with the Information Commissioner’s Office. For further information on your rights and how to complain to the ICO, please visit the ICO website.

Here to help