How to start your GDPR journey

• An introduction to the data protection management service at 2020 Business Law
• A retainer-style support service to put corrective actions in place
• Provision of a privacy, security and governance platform

The UK General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). GDPR brings data privacy up to date for the digital age and provides consumers with reinforced rights to access the information that is held on them. This requires all organisations to manage that data better.

As the GDPR applies regardless of where a website is based, every site that attracts European visitors must comply with it, whether or not it markets goods or services to EU residents.

Under the GDPR, you must appoint a Data Protection Officer (DPO) if you carry out certain types of data processing activities, or if you are a public authority. The DPO informs, trains and advises your organisation and its employees on their data protection obligations. They provide clear advice on data protection impact assessments, monitor compliance with data protection law, act as a point of contact for data subjects and supervisory authorities, and must be able to report directly to the highest management level in your organisation.

All organisations in the UK are subject to the following laws:

1. the Data Protection Act 2018
2. the Retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR)
3. the GDPR where they process data relating to EEA data subjects
(we refer to all of these together as the Data Protection Legislation).

Not only can data privacy failings result in substantial fines, the Information Commissioner's Office (ICO) also has the power to stop an organisation from using data. The ICO is the UK's data privacy watchdog and it can effectively stop your business from operating while you put fixes in place. The impact on the reputation (and consequent valuation) of a business found to be lacking in this area can be difficult for many to overcome.

In the absence of a disaster scenario, gaps in compliance with the Data Protection Legislation often come to light during the due diligence process for a funding round or a business sale. Compliance issues such as these can have a serious impact on the valuation of a business.

We recommend proactive auditing of compliance with the Data Protection Legislation. 2020 Business Law can help put your organisation on the right track.

Under the Data Protection Legislation an organisation should be able to demonstrate that it:

• understands its obligations in relation to personal data and
• has measures in place to achieve compliance

These include:

1. implementing procedures and policies to ensure full compliance
2. implementing data protection by design and default in its business operations through planning and project management
3. having auditable procedures in place to action data subject rights, such as rights of access, erasure, rectification and blocking of data
4. effectively managing overseas transfers of data
5. training staff to ensure they understand their obligations and how they contribute to achieving compliance

The first step on the path to achieving compliance, and to being able to demonstrate how it is achieved, is to undergo a Data Protection audit. This covers the immediate obligation whilst providing an insight into the compliance gaps to be filled along your GDPR journey.

Once we have audited, we provide a retainer-style support service to put corrective actions in place. For certain clients, this may include the provision of a privacy, security and governance platform for businesses, for the purposes of:

• privacy impact assessments
• data mapping
• identifying privacy risks and enforcing risk management

If you would like to discuss any aspect of our services, or for further information, please do not hesitate to get in touch. We have lawyers based in London, Surrey, Hampshire and around the UK, so we are always happy to meet you anywhere that is convenient for you.
020 3740 2370