Michael Fraser

I'm a personable individual, who seeks job satisfaction and being able to accomplish good things for the business.

I have spent the last fourteen years creating my own roles, and working with my colleagues to establish frameworks, eg ISO 9001 Quality Manual and processes, ISO 27001's ISMS and then ensuring the business is capable of meeting and maintaining such standards.

As DPO within my last and current organisation, I have worked with all tiers, collaborating and ensuring the business was GDPR compliant, or how to become compliant. 

I am very much a people person; I enjoy collaborating and helping others achieve their business goals. The work I do is often seen as a blocker in business, but I see it more as an enabler, ensuring that we are doing the right thing and can evidence this.

I'm currently a UK national chain's GRC Manager & DPO. I have successfully implemented data protection controls, such as cookie consent, updated various privacy and cookie policies for all brand sites.

I have redeveloped DSAR and breach processes and written data protection training courses for the different strands of the business. I am currently improving the Accountability and governance within the business, working with both Operational and Executive leaders to achieve an increased GDPR health profile.

My remit now includes managing the company GRC (Governance, Risk and Compliance) posture, working with  connecting departments to ensure an efficient and effective path to success is in place.

I have also spent several years being Head of Compliance for a B2B software company, implementing then managing ISO 9001 & ISO 27001, ISAE 3402, conducting internal audits and liaising with external auditors. 

My remit has included managing those standards, as well as data protection obligations across nine offices in six countries; four of which are under the GDPR (EU or UK).

As DPO, I am a certified PC.dp - Practitioner Certificate in Data Protection -  first under the DPA and then with GDPR. I have recently passed IAPP's CIPM qualification in July 2025.

I also hold certificates for ISO 9001 internal auditing, conducting Data Protection audits, Cyber Security for Data Protection Professionals.