We advise on data protection, freedom of information, confidentiality and privacy. We can help ensure your organisation will comply with the EU’s General Data Protection Regulation (GDPR), the Regulation on Privacy and Electronic Communications (PECR) and the Data Protection Act 2018.
How to comply with data protection requirements
There are likely to be key areas which, if tackled first, will greatly reduce the risk of non-compliance. Our approach is based on assessing the greatest risks and targeting those, providing you with the documentation required to demonstrate compliance.
Privacy notices and privacy policies
All organisations use personal data and therefore almost all will need to display a privacy notice or policy which describes how personal data will be processed. Special category data requires particularly careful treatment.
What to do in the event of a breach
We defend organisations facing claims from individuals and investigations by the Information Commissioner’s Office (ICO).
We can help you with:
- data processing and data sharing agreements
- transferring data outside the European Economic Area (third country transfers)
- data audit
- data protection training
- implementing data governance programmes
- drafting data protection policies and privacy notices
- e-commerce and direct marketing requirements
- subject access requests
- preventing and managing data breaches
- responding to the regulator.
Our GDPR experience includes:
- auditing and advising a professional institution on GDPR compliance
- advising online retailers on the changes required to their websites and behavioural marketing
- providing documentation for charities on how to treat donors’ and supporters’ data
- implementing website terms, booking processes and sales training for leisure and tourism businesses to ensure their data capture is compliant
- advising housing associations and registered providers on the implementation of privacy by design measures.