GDPR, the General Data Protection Regulation, is the EU law governing the processing of personal data. It has applied since 25 May 2018. The legal team at DPP GDPR can help you to comply with this legislation. Contact us today on 0333 200 5859.
It’s vital that businesses adhere to GDPR’s data protection requirements. Failing to do so increases the risk of a personal data breach, which could allow third parties to access your clients’ or employees’ data.
This data may include:
- Location details
- Financial records
- Sensitive means of identification
- Information that could cause them harm if it were made public
Call our GDPR compliance solicitors today if you need expert advice and representation: 0333 200 5859
How our GDPR compliance solicitors can help you
The data protection solicitors at DPP GDPR provide valuable assistance as follows:
- Guidance for companies aiming to ensure GDPR compliance
- Legal advice on the creation and revision of data protection processes, policies and contracts
- Building a strong legal defence if someone accuses you of breaching data protection
- Guidance on dealing with a data breach
- Assistance with data protection audits, Subject Access Requests and inspections
- Advice on the proper processes for record-keeping, including managing data consents and creating privacy notices
Additionally, our GDPR compliance solicitors may assist you with matters of:
- Commercial and corporate law
- Contract law
- Intellectual property law
- Technology law
How to become GDPR compliant
Article 28 of the GDPR sets out what every contract between a data controller and a data processor (a data processing agreement) must contain.
This document sets out the duties of the data processor: the individual or organisation that processes personal data on behalf of the controller. It is also a useful starting point for your company’s approach to GDPR.
The duties it describes include:
- Explaining the purpose and nature of all processing
- Retaining data only for as long as required and using it only for the stated purpose. When the service ends, the processor must delete or return the data, at the controller’s choice
- Detailing exactly how long you will retain the data
- Recording the subject matter and type of personal data you will be processing
- Grouping the data and the data subjects into clearly defined categories
- Making available to the data controller, and to the ICO or any other relevant regulatory body when required, all information needed to demonstrate compliance, and allowing for audits and inspections
- Implementing appropriate technical and organisational security measures (Article 32) for the data you process
- Processing data only on the documented instructions of the relevant data controller
Your organisation must store personal data only in locations and on devices protected by security measures appropriate to the risk, so that unauthorised individuals cannot gain access. GDPR does not demand “total” security, but it does require you to assess the risk and to be able to show that the controls you chose (for example access control, encryption and the ability to restore data after an incident) are proportionate to it.
The subjects of your data have the right to make a Subject Access Request at any time, and you must respond without undue delay and in any case within one month of receiving it (not the 40 days allowed under the previous Data Protection Act 1998). The period can be extended by a further two months for complex or numerous requests, provided you tell the individual within the first month.
You must always have, and be able to prove, a lawful basis for processing the data in question. Consent is one such basis, but not the only one; where you rely on consent, it must be freely given, specific, informed and recorded so that you can demonstrate it.
Frequently asked questions about GDPR compliance
What happens if a company breaches data protection?
If a data protection breach occurs, your company may be investigated or audited by the ICO or other authorities. You must not obstruct this investigation in any way.
You may receive an official warning or reprimand, and it is likely that you will be required to change your existing practices.
Your organisation may be banned from either collecting data and/or transferring data to third parties or other countries.
This ban may be either temporary or permanent depending on the severity of the breach.
Your permission to process certain types of data may also be restricted.
Finally, you may also face compensation claims from affected individuals and administrative fines, which may reach:
- €10 million or 2% of your company’s total worldwide annual turnover for the preceding financial year (whichever is higher) for a lesser breach
- €20 million or 4% of your company’s total worldwide annual turnover for the preceding financial year (whichever is higher) for a more serious breach
Who has a duty to monitor compliance with GDPR?
In the UK, the ICO (Information Commissioner’s Office) is the supervisory authority that enforces GDPR; each EU member state has its own equivalent authority. Data processors may also be audited by the data controllers they work for.
Any organisation that processes personal data must ensure that it complies with GDPR at all times.
How can I demonstrate that my organisation is compliant with GDPR?
GDPR’s accountability principle requires you not only to comply but to be able to demonstrate compliance. Keep records of your processing activities, your policies and procedures, and the consents and lawful bases you rely on. It is also beneficial to have a focused GDPR declaration that details all the steps you have taken.
You should already have a privacy notice linked from every web form or other point where you collect personal data. Explaining your approach to GDPR there, and in any resulting mailing list messages, will help.