Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the Data Protection Act (DPA).
The previous DPA (1998) was replaced by the General Data Protection Regulation (GDPR) on 25 May 2018. This places additional obligations on data controllers and data processors which you need to be aware of.
We can assist you at all stages in the development of your data protection system.
The GDPR introduces a number of new rights for individuals including:
and new obligations for data controllers / processors including:
We have a thorough understanding of the GDPR and can help you adjust to the new requirements. We also offer a virtual DPO service for those companies who require a DPO, or prefer to appoint one.
The starting point for effective data protection is a detailed Data Protection Policy. This should then be backed up with more detailed procedures for specific topics.
If you are creating policies for the first time, we have templates which will speed up the process and ensure you are covering all the required areas. We can work with you to tailor these templates to your company.
If you have existing policies which are due for review (in particular checking for changes required by the introduction of the GDPR on 25 May 2018), we can help you identify areas that need to be updated and incorporate current best practices.
Before you can prepare a Data Protection policy, you need to understand what personal data you hold. Indeed, this is the one of the early steps in the ICO’s own “12 Steps To Take Now” document about preparing for GDPR.
We have experience of running Data Audits to identify personal data together with meta data required by the GDPR such as:
For organisations which need or want to appoint a DPO but don’t have available resources for the role in-house, we offer a virtual DPO service.
Our service gives you a named individual who will get to know your business and then act as your DPO, providing on-going guidance to your data protection efforts.