About Us

Responsible Data Use brings together knowledge, experience and know-how. Understanding gained over years of privacy management and data protection, working with hotels, marketing, charities, healthcare and small businesses.

This breadth of experience is now available to you. It is about helping you to know how to work with personal data whilst being respectful of people's privacy.

If you can use data responsibly, then "compliance" becomes a happy outcome of your work.

Why take this approach?

It's simple. Here we are, years after GDPR came into effect. Yet there are so many businesses still failing themselves and their customers when it comes to using personal data.

In spite of, or perhaps because of, all the legal opinions, all the free advice, all the "fill in the blanks" templates, all the pontificating about privacy and fines. The data protection and privacy management industry has failed them.

Sometimes they are still clinging to the mistaken belief that respecting privacy somehow forfeits results. But they don't know how to overcome that problem.

They are still failing to take advantage of data protection and privacy as a competitive advantage; failing to put their customers front and central; failing to use data to build relationships and drive revenue.

Which means there must be space for an alternative that:

  • Is friendlier,

  • Is more approachable,

  • Is more relevant to business,

  • Is easier to access,

  • Is easy to use,

  • You can embrace to the heart of your business,

  • Convinces you that you've got this,

  • Gives you the tools and insight which gets you to become a responsible data user.

Some Basic Truths About Personal Data

Why we're doing it this way

Personal data will always flow

If the data economy is going to work data needs to flow. However this flow needs to be controlled with care and precision if the value in the data for both the individual and the data user is to be preserved. Control is your responsibility.

  • Data that flows out of control is a bad thing. When out of control, data doesn't have much inertia, it only takes a nudge and it moves easily!

  • Just remember, the data wants to flow. It is active.

  • Data follows the path of least resistance. It crosses borders with ease. As it flows it can be accessed, diverted, copied, altered or destroyed.

  • Which means tick-box data protection isn't going to cut it for you (and just for the sake of clarity, the GDPR was never

    about tick-box compliance)

Data and Value attract each other

When personal data is shared in exchange for a product or service, it is part of an exchange in value between a person and a service provider. An individual gives some information and some money, for example, and receives something they value in exchange. When this reciprocal exchange of value happens in a safe environment all is well. When that environment is weak or comes under attack, then the value can be damaged or end up in the wrong places.

Criminals understand that personal data often follows the money. They are after the money too! Which means they know that if they want to find money, they need to follow the data.

Privacy means "Choice"

Individuals have a choice. They can choose to lead their life as privately as possible, they can choose to share specific aspects of their life or they can choose to lead their life in public.

Most people want some privacy. The level of privacy is their choice.

Responsible data use is about respecting that choice. Upholding individual rights and meeting their privacy expectations.

Compliance is not enough

Some talk about "compliance" as though it is the be-all and end-all. It is NOT. Being compliant with data protection regulations nowadays is what everyone expects you to be. Compliance alone doesn't confer any signigicant competitive advantage on your business, for two reasons:

First, if you're concentrating on "compliance", the regulations and the demands of a regulator than I suggest you're facing in the wrong direction. You see, neither the regulations nor the regulators actually hold the personal data you need to use. Individuals hold that and they choose how it is used. To be successful in the data economy, responsible data users need to face the individuals.

Second, the notion of being "compliant" is a fleeting moment in time. This world of data protection and privacy is fluid. It moves and changes shape all the time. Which means that you can be compliant when you inspect your systems one day but something will happen overnight and throw you into being non-compliant the very next morning.

Consent is fragile

There are six lawful reasons for processing personal information. Consent is just one of them and it is not always appropriate. There are five others to choose from. Remember, if someone changes their mind they have the right to withdraw consent and you need to respect that.

So consent needs to be carefully managed, maintained and looked after. If you abuse consent you will lose it.

Trust matters

Trust is what you're aiming for, not just compliance. If you create the conditions where you can demonstrate why people should can trust you with their information then compliance will be a happy outcome of what you're doing.

People sharing their data is never voluntary

The word "voluntary" suggests a one-sided relationship. The notion of a volunteer, "giving of their time freely" springs to mind. In other words, there is an imbalance in the exchange of value.

This does not happen with personal information. Individuals DO NOT volunteer their personal data.

No they don't!

Personal data is always an exchange of value. An exchange which relies on the recipient being an attentive custodian and looking after it. I have seen data controllers in the past claim that because data is given "voluntarily" then their obligations are somehow diminished.

This is NEVER the case.

We rely on the outcomes of data processing

Our daily lives and our personal data are linked.

We are expected to make use of some of our personal data in order to achieve even the most mundane of tasks. Which means we rely on the outcomes of processing. As individuals and in our business.

So you can hopefully see how protecting the value in data and people's private lives is essential to those outcomes.

Responsible data use means these positive outcomes can be repeated.

As individuals and as parts of the data economy, this is what we all rely on.

There is ONE question you must answer

When you want to collect personal data from an individual there is one question on their mind that you must answer, every time. It is this,

"If I give you my information, will you cause me a problem?

Now or in the future?"

A responsible data user knows how important this question is.

And they know how to answer it.

The Responsible Data User Approach


Lets be clear right from the start.

We set high standards for what we do: It's got to be clear, it's got to be as simple as we can make it, it's got to work and above all it must demonstrate responsibility.


You pay us to either support you to achieve your goals and transform your situation

- or to do most of the transformation for you as a private client.

We commit to you. We work hard on your behalf, this works better and faster when you to do the same.

Value for Money

There must always be a way to measure the outcomes of the work we do with you or for you.

We will demonstrate that your investment in data protection and privacy management is worth it.


My name is Allan Simpson, let me tell you about what we're doing here...

The mission for Responsible Data Use

Is to be your privacy and data protection simplifier.

Using a direct, open, no nonsense approach which focuses on the value in people and their data - so your business becomes the one they can trust with their information.

You become a responsible data user.

Who We Are

Responsible Data Use is a trading identity of Allstrat Ltd.

Allstrat is dedicated to the business of data privacy - The practical application of data protection and privacy management in the real world.

With a background going back 2002, the company deals with data protection and privacy for hotels, marketing, healthcare and charities.

Allstrat Ltd is a corporate member of the Data and Marketing Association (the DMA).

A company registered in Scotland no. SC231893.

VAT number: 804114183