Data Protection

Personal data is information relating to an identifiable living individual. Whenever personal data is processed, collected, recorded, stored or disposed of it must be done within the terms of the Data Protection Act (DPA).

The previous DPA (1998) was replaced by the General Data Protection Regulation (GDPR) on 25 May 2018. This places additional obligations on data controllers and data processors which you need to be aware of.

We can assist you at all stages in the development of your data protection system.

GDPR Readiness

The GDPR introduces a number of new rights for individuals including:

  • rectification
  • erasure
  • data portability

and new obligations for data controllers / processors including:

  • the need to establish a lawful basis for processing
  • the need to appoint a Data Protection Officer in some cases
  • restrictions on international transfer of data
  • data breach reporting requirements.

We have a thorough understanding of the GDPR and can help you adjust to the new requirements. We also offer a virtual DPO service for those companies who require a DPO, or prefer to appoint one.

Contact us for more information

Policies and Procedures

The starting point for effective data protection is a detailed Data Protection Policy. This should then be backed up with more detailed procedures for specific topics.

If you are creating policies for the first time, we have templates which will speed up the process and ensure you are covering all the required areas. We can work with you to tailor these templates to your company.

If you have existing policies which are due for review (in particular checking for changes required by the introduction of the GDPR on 25 May 2018), we can help you identify areas that need to be updated and incorporate current best practices.

Contact us for more information

Data Audit

Before you can prepare a Data Protection policy, you need to understand what personal data you hold. Indeed, this is the one of the early steps in the ICO’s own “12 Steps To Take Now” document about preparing for GDPR.

We have experience of running Data Audits to identify personal data together with meta data required by the GDPR such as:

  • lawful purpose for processing
  • data ownership
  • data sharing.
Contact us for more information

Virtual DPO

For organisations which need or want to appoint a DPO but don’t have available resources for the role in-house, we offer a virtual DPO service.

Our service gives you a named individual who will get to know your business and then act as your DPO, providing on-going guidance to your data protection efforts.

Contact us for more information