Chris Belton

IT Director

Ninja Theory is an award-winning video game developer based in the historic City of Cambridge, creators of the BAFTA award-winning Hellblade: Senua’s Sacrifice, DmC: Devil May Cry, Bleeding Edge and more. Today, as part of Xbox Game Studios, we strive to achieve our mission to craft life-changing art with game-changing tech across our in-development projects. Our philosophy is simple: to create impactful game experiences made by small, passionate teams with breakthrough technology.

Ninja Theory Ltd. was formed in 2004 by four partners, including current Directors Nina Kristensen (Chief Development Director) and Tameem Antoniades (Chief Creative Director). We currently have circa 150 employees working from home and office in th

Founded:Founded in 2004 by four partners, including current Directors Nina Kristensen (Chief Development Director) and Tameem Antoniades (Chief Creative Director).
Size: 150


What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? Our global parent company acts as our Data Protection Officer when dealing with customer data, however, they don’t oversee our internal function so we found that we were tying ourselves in knots to make sure we were doing the right thing from a compliance perspective.

Something that flagged up a need for support, for example, was during the pandemic when our employees were working from home, we decided to send out care packages as a kind gesture in helping the staff during the lockdown. However, there were concerns within the company about passing people’s names to the courier as it was personal Data. So parcels were sent out with no names, and as a result, quite a few went missing.

We knew that when it came to customers’ data, our parent company has our back with our compliance obligations, but there was a gap in internal processes. As data protection can be so complex, and we had no internal legal expertise or knowledge, we needed that external support to know we are doing the right thing.

How did you go about searching for the solution and services? Initially, a Google search. I selected 2-3 vendors offering similar services.

Please describe the reasons you decided to work with us. Having spoken to a couple of other data protection service providers, who seemed hesitant given our relationship with the parent company managing part of our data protection compliance, I found when speaking with Evalian’s commercial director, Chris Hawthorn, that he appreciated straight away what we were looking for. He understood that it might be an unconventional contract given it would only involve managing a subset of our data but he struck me as being very pragmatic. Nothing was an issue, and he made everything easy for us with a solution as to how we go about onboarding Evalian to support us with our data protection compliance.

Did you have any expectations going into the process? I think I had expectations that we might not get the response times that we would want for an answer to simple questions. But with our evalian consultant, Ray, I can get in touch with him and normally get an answer within an hour which is refreshing.


Can you describe the process we took your business through and anything you learnt about your own business through working this way? Evalian conducted a Gap Analysis, which confirmed areas we were compliant in, and areas we needed to strengthen and improve upon. Evalian held discovery meetings with me and other key stakeholders and now has a strong understanding of Ninja Theories practices and processes. Following the discovery, a remediation plan was formed.

I found out that largely we were doing the right things when it came to accountability and procedures, which was very reassuring. It was good to have Evalian and Ray come on board and give us that confirmation. It became clear that most of the remedial work needed to be done around having the actual documentation in place and this is where Evalian has been invaluable in their support.

Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? There were no big challenges from my point of view. There was a worry from stakeholders that it was going to be an onerous process but right from the start we found Ray very easy to talk to, and the process has been smooth. No one had any issues and Ray handles any queries in a really pragmatic way.

What changes did you make as a result of working with us? We now have the correct documentation in place – it’s still a work in progress to “Ninja-fy” it all, and put that Ninja Theory sheen on it but we have made significant progress.


What has been the most significant achievement for your business facilitated by working with us? I think it’s having that one-stop shop for all our queries. Usually, I, as “the IT guy”, get bombarded by questions from everyone across the company, but I don’t get that anymore. Having Evalian as our expert on tap has really helped support my role. Usually, I can pick my way through GDPR and processes, and most questions aren’t particularly complex, but we now have that reassurance that by asking our Evalian consultant, Ray, we will get an instant and expert answer and it makes everything easier for us.

What impact has the results from working with us had on your stakeholders? It’s really been about having that peace of mind for our senior leadership that we’re buttoned up on our data protection compliance.

What do you hope to achieve in your future working relationship with us? We are really happy with the service Evalian continues to provide us in managing the personal data we store on our staff and employees. Should the UK’s data protection landscape veer away from EU GDPR, we know we will keep up to date with legislation as it changes with Evalian’s support and expertise.

  • This field is for validation purposes and should be left unchanged.


Talk To Us:

If you’ve had a data breach, are confused about DPOs, or would like to discuss penetration testing or cyber incident response training, please give us a call or email us. We promise no hard sell and only real-world guidance.

We love to talk privacy and security and we’d be delighted to discuss your requirements. If we can’t help for any reason, we’ll probably know someone who can.

Get In Touch