Robert Burles

Head of Regulatory Affairs


Formed in 2018, Swish Fibre has secured £250 million of funding from Fern Trading Limited, part of the Octopus Investments group, to roll out a full-fibre broadband network to consumers and businesses across the UK. The network will provide customers with ultrafast upload and download speeds and a much more resilient service than current part-copper networks. Swish started building in Buckinghamshire in 2020 and has now expanded into Oxfordshire, Berkshire, Hampshire, Surrey and Sussex. We have grown rapidly from 6 staff in December 2019 to over 300 in three years.

Founded: 2018
Number of employees: 300+
Target customer: Consumers and businesses in the UK


What challenges were you and your team experiencing prior to working with us – what prompted you to seek a solution? Prior to the introduction of the EU GDPR, we had developed a mature and considered approach to data protection compliance. Given the potential risks in managing large volumes of personal data during a rapid scale-up phase, we decided to appoint a subject matter expert to be able to take a holistic view of our governance framework and assess its capability based on future activity rather than on existing processes.

How did you go about searching for the solution and services? As part of the consultant selection process, one of our key requirements was engaging with a practice that was able to appreciate the practical challenges around processing large volumes of personal data and implement pragmatic and sustainable solutions, whilst helping us build an internal data protection capability in step with our growth plans.

Please describe the reasons you decided to work with us. We spoke with a few consultancies and liked Evalian’s pragmatic approach, they were friendly and helpful and really knew what they were talking about. After a thorough gap analysis, we were confident that they had a good understanding of our business.

Did you have any expectations going into the process? We had not appointed data protection specialists before. We had been reliant on our legal team. Faced with a significant increase in workload it soon became evident that our legal team may struggle to provide the advice and support required by the rest of the business. We wanted to see whether outsourcing to a specialist would match our needs. And it did.


Can you describe the process we took your business through and anything you learnt about your own business through working this way? After an initial intense discovery phase, Evalian® supplied us with a detailed data map and gap analysis in order to develop a remediation plan. We feel far more confident in managing our business risks in relation to personal data. We feel we are in a good position to grow with confidence.

Were there any challenges you found along the way and how did you feel we or your consultant, helped to support you through that? As a fast-growing company, it is sometimes difficult to balance the work needed to develop the company quickly and at scale, with GDPR requirements. It was helpful having Evalian® as a partner and to take some of that weight off in the initial phases.

What changes did you make as a result of working with us? We have built upon our data protection governance framework, including a comprehensive set of policies and an effective training programme.


What has been the most significant achievement for your business facilitated by working with us? We have greater staff engagement in data protection and information security across our organisation.

What impact has the results from working with us had on your clients/stakeholders? After improvements to our data protection governance framework and creating a more robust security posture, our clients and staff have more confidence that we are doing everything the right way when it comes to data protection.

What do you hope to achieve in your future working relationship with us? We will continue to work with Evalian® as our Data Protection Officer and further develop our knowledge, understanding and compliance with GDPR.

Learn more about our Outsourced DPO Services.


Talk To Us:

If you’ve had a data breach, are confused about DPOs, or would like to discuss penetration testing or cyber incident response training, please give us a call or email us. We promise no hard sell and only real-world guidance.

We love to talk privacy and security and we’d be delighted to discuss your requirements. If we can’t help for any reason, we’ll probably know someone who can.

Get In Touch