General Data Protection Regulation – GDPR

The General Data Protection Regulation (GDPR) comes into force this year and it’s time to start making preparations.

The GDPR is the biggest shake-up in data protection and privacy law in a generation. It is not affected by the UK’s decision to leave the EU. The UK Government is introducing a new Data Protection Bill incorporating the provisions of the GDPR.

GDPR comes into force on 25 May 2018

Any business, public authority, third sector organisation or social enterprise collecting, storing and using the personal data of EU residents is affected by the changes – even those outside the EU.

The GDPR will introduce a new compliance regime, including an obligation to notify data breaches. Fines for breaches will be up to €20m or 4% of global turnover. These figures far exceed the current maximum fine of £500,000 that can be issued by the Information Commissioner’s Office (ICO).

The GDPR also gives individuals new and enhanced rights over their personal data. This includes a right to withdraw consent to data processing, a right to data portability and a right to be forgotten.

For the first time, businesses that process personal data as an incidental part of providing services to corporate clients will also come within the compliance regime and could therefore face direct enforcement action.

Data protection is a broad topic, so we have put together a team of data protection experts with experience across a range of legal disciplines. We also work with technology partners who can review your IT security measures and help you with any necessary enhancements.

Our team has expertise in:

  • lawful data processing
  • digital technology and data security including using the cloud
  • transferring data
  • commercial contracts with third parties
  • employee activity and data including monitoring
  • using personal data for marketing activity
  • cyber crime
  • defending civil claims for compensation and breach of privacy
  • reporting data breaches to the ICO

We can work in partnership with you to:

  • ensure you understand your obligations under the GDPR
  • assess your current compliance in order to identify actions you need to take
  • prioritise your actions by applying a risk-based approach
  • help you with practical solutions that will ensure compliance, including policy development, privacy notices, consents, data processing and data sharing agreements and staff training

Let us help you to prepare

We offer a range of flexible packages to suit you and your organisation’s needs. We offer the following services:

  1. Tailored briefing for your senior management team to raise awareness of the GDPR
  2. Full data mapping exercise to audit and review the GDPR readiness of your whole organisation. The plan produced is a key document that provides a business-wide, prioritised roadmap for the work and changes required in order to achieve compliance
  3. Specific mini-audits to cover key areas of your business such as HR, marketing, digital and accounts
  4. Legal document review of your data protection policy and record-keeping process, privacy notices, consents, contracts with third parties and data transfer documentation
  5. IT security audit, conducted by one of our partners, to review your IT security systems and recommend any technical remediation work
  6. Training for your in-house GDPR project team, as well as ongoing legal support for them as you get to grips with your preparations. This can be paid for “as needed” or on a retainer basis
  7. Assistance with the development of staff policies and training programmes for staff – a critical part of demonstrating compliance under the GDPR
  8. Any other legal remediation work as may be required

If you buy any of the above or are an existing client of Hugh James, you will benefit from a free GDPR hotline advice service for when you get stuck and need some direction.

If you would like to talk through the implications of the GDPR for your organisation, or for more details of our packages, please do not hesitate to contact us.

Our Offices

Hodge House
114 - 116 St. Mary Street
Cardiff, CF10 1DY
Tel: 029 2022 4871
Fax: 029 2038 8222

Temple Chambers
3-7 Temple Avenue
London, EC4Y 0DA
Tel: 020 7936 3453
Fax: 020 3053 8562
