A business needs the best advice on the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 to ensure compliance. Our data protection solicitors are experts in GDPR compliance and in dealing with the Information Commissioner's Office (ICO), the UK's data protection regulator.
You may not know what you need to do to become GDPR compliant. Our data protection solicitors will work closely with you to understand your business and provide advice tailored to your current situation and future goals.
We can also assist you if an individual complains about your business to the ICO or if you are the subject of an ICO investigation. In such cases it is critical to have experienced advisers who know how to deal with the problems you are facing. We have the specialised knowledge and experience you are looking for.
What Is The GDPR?
The GDPR and the Data Protection Act 2018 regulate how businesses obtain, use, and store personal data.
Businesses operating in the European Economic Area (EEA) are subject to the GDPR. It also applies to enterprises based outside the EEA that offer goods or services to individuals in the EEA or monitor their behaviour. It may therefore apply to businesses in the United States or in other countries outside the EEA; we can help you determine whether it applies to you.
Businesses need to follow the seven principles of the GDPR:
1. Lawfulness, fairness, and transparency - Your business must collect, use, and keep personal data in a lawful, fair, and transparent manner, and you must publish a privacy notice so that people are aware of how you use their data. Our solicitors can assist you with drafting privacy notices that meet your legal obligations while also safeguarding your business interests.
2. Purpose limitation - Your business may only use data for the purposes specified in your privacy notice, or for additional purposes that are compatible with that notice. Our solicitors advise businesses on the best strategy if your requirements for using personal data change.
3. Data minimisation - Your business must only collect and keep data that is relevant and necessary for the purposes stated in your privacy notice.
4. Accuracy - When collecting data, you must verify that it is correct, and you must keep it up to date while you hold it. Any inaccurate or out-of-date data must be corrected or deleted.
5. Storage limitation - Your business should only keep data for as long as it is needed for the purposes specified in the privacy notice, and securely erase it once it is no longer needed. We can assist you in drafting a retention policy that specifies how long each category of personal data collected by your business should be kept.
6. Integrity and confidentiality - Data must be stored securely and kept confidential, protected against unauthorised access, loss and damage. We will assist you in determining the right level of protection for the various types of data you hold, depending on the potential for harm in the event of a breach.
7. Accountability - You must have policies and processes in place that document how you comply with the six principles above.
We advise businesses on:
- Data Audit
- Data Asset Register
- Data Protection Policies and Procedures
- How to handle subject access requests (SAR / DSAR)
- Individuals’ data rights
- Dealing with data breaches, including reports to the ICO
- Handling complaints from individuals and regulators
- Moving data out of the EEA
- Sharing data with other businesses
If your business breaches the rules contained in the GDPR, it may face fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher. Individuals can also bring claims against your business if you misuse their personal data, and you may be liable for damages as well as suffering serious harm to your reputation.
Speak with our data protection & privacy solicitors by calling 0113 345 4114