GDPR, PCI-DSS Consultancy and Auditing


Consultancy and Auditing

X-on are an accredited level 1 PCI-DSS security provider, with extensive experience in the secure and compliant transmission and storage of data, maintaining our own highly secure systems which currently process the data of thousands of our clients, from SMEs through to Corporates and the NHS.

We use this expertise to provide a range of security services from consultancy right up to a full audit of your security compliance, notably GDPR and PCI-DSS requirements.


Read our white paper on the EU GDPR for ensuring the security and control of personal data.


The GDPR (General Data Protection Regulation) expands the rights of individuals in controlling how their personal information is collected and processed, thereby increasing the obligations on organisations for data protection accountability. Failure to comply with these new regulations may result in significant penalties.

The regulations are complex, so the safest approach is engagement of a dedicated resource to assess your organisation's compliance. Call the experts!


Virtual DPO

Where organisations don’t have the requisite data protection expertise to fulfil their Data Protection Officer obligations under the GDPR, X-on can step into that role.

This provides access to expert advice and guidance, helping address GDPR compliance demands while remaining focused on core business activities.

GDPR Data Flow Audit

The essential step in preparing for compliance and reducing your risk of an information security breach. We prepare a thorough audit of the personal data in your organisation, creating a data flow map that will help identify where your data resides.

We assess the type of data being held, where the data resides, who 'owns' the data, who accesses the data, and where the data is shared.

Gap Analysis Service

The GDPR gap analysis service assesses your organisation’s current level of compliance with the GDPR, identifying the key areas that your organisation must address by May 2018.

Tailored to your level of organisation, we provide a detailed breakdown of your compliance status, with an action plan that prioritises the key issues your organisation must address to become compliant.

DPIA Service

A Data Protection Impact Assessment is mandatory under the GDPR for any new personal data processing operations that might result in a risk to the rights and freedoms of individuals.

Our DPIA service provides an assessment of the data protection risks associated with a new or existing single data processing operation within your organisation, with recommendations on the appropriate controls to mitigate these risks.


The Payment Card Industry Data Security Standard (PCI-DSS) applies to all organisations that transmit, process or store payment card data. The advent of the GDPR will compel organisations to take PCI-DSS compliance seriously, with the advantage being that if compliance standards for cardholder data were adopted for personal data, it would go a long way toward satisfying all GDPR requirements.

X-on can support your organisation's PCI activities throughout all stages - from build to the ongoing assessments required to maintain PCI-DSS compliance. We provide products and services in all the various compliance categories.

PCI-DSS Gap Analysis

Our PCI-DSS Gap Analysis service will review your in-scope systems and networks, and provide you with a report detailing areas that need attention. It includes a plan to bridge the gap between your current security status and full PCI-DSS compliance.

The analysis will help you build a cardholder data environment and infrastructure that meet PCI requirements, assisting your organisation to pass the annual audit.

Penetration Testing

PCI-DSS requires regular tests to identify unaddressed security issues and scan for rogue wireless networks, ensuring preparedness for the full range of attacks that companies have to face.

A penetration test attempts to exploit vulnerabilities to determine whether unauthorised access or other malicious activity is possible. It includes network and application controls, processes and layer testing, and is conducted from outside and inside the network.

SAQ Validation and Support

PCI Self Assessment Questionnaires can make compliance easier for organisations with lower transaction volumes.

We help you identify and complete the correct SAQ along with appropriate support and advice to ensure your responses are in line with each of the requirements, assisting you to achieve full PCI-DSS compliance.

Compliance Audit and ROC

A Report On Compliance is required for organisations with large transaction volumes and must be performed by a Qualified Security Assessor (QSA), who issues a report to the PCI Security Standards Council attesting that an organisation is fully compliant.

Our QSA consultants are experienced assessors with the ability to comprehend your business activities along with the payment solutions and technologies utilised, ensuring the highest assessment quality.

Please call our security team on 0333 332 0159 if you have any GDPR or PCI-DSS requirements.