Data Protection

UK-GDPR requires firms to map their data flows which will help you to understand what data you hold, where it is retained and what risks you are exposed to.

We can create data maps for you which will help you to meet this requirement.

Customers and employees have the legal right to ask for copies of their personal information.  You must provide this information free of charge and within 30 days.

We can create a process for you to deal with these requests and we can also provide you with a suite of letters which you can use to respond to the data subject. For further information please refer to our blog.

You need to appoint a DPO if you are a public authority/body, you are monitoring individuals on a large scale (such as online tracking) or if you are processing large volumes of special categories of personal data.

You can outsourced the DPO services.  We can provide you with a dedicated DPO and access to specialist data protection support and guidance.

Your staff need appropriate policies and procedures to manage the personal data held by your business.  These policies need to take account of the legal requirements and good practice.

We can create tailored policies and procedures which are proportionate and relevant to your business.

You need to have data protection agreements with any other organisation that you share your personal data with such as your IT suppliers and partners.  These agreements set out the standards that your data processors need to abide by to protect your personal data.

We can amend your contracts/terms and conditions to include the data protection requirements.  We can also create standalone data protection agreements for your existing partners and suppliers.

You are legally required to conduct a DPIA if you intend to process personal data which is likely to result in a high risk to the rights and freedoms of the data subjects (eg using IT systems, biometric data, genetic data etc).  A DPIA will help you to identify and manage the data protection risks.

We can advise you on the need for a DPIA and we can also conduct a DPIA on your behalf.

It is important that your staff understand the UK-GDPR requirements which will help them to manage your personal data and protect your business.

We can provide you with tailored training which is proportionate and relevant to your business and includes real life breach scenarios.  We can also provide a test for your employees to assess their understanding.

You need to identify, investigate and resolve data protection breaches in a timely manner.  Where a data protection breach is likely to be significant, it also needs to be notified to the ICO who can impose a fine for significant failings.

We can help you to prevent and manage any data protection breaches.  We can also provide you with a procedure and a suite of letters to respond to data protection breaches.

If you want to share personal data outside the UK you need to meet certain legal requirements.  UK to the EEA data transfers are permitted. Transfers to other countries depend on whether you have a lawful reason and a valid legal basis such as an "adequacy decision" which is granted at a country level. 

We can guide you in relation to international data transfers and help you to meet the requirements.