Data Protection & Privacy
Data Protection is an area of increasing importance in the new technological age and is a rapidly developing area of law. The difficulty faced by Organisations trying to achieve compliance has meant that this area of law has been increasingly plunged into the media spotlight over recent years.
This, together with the UK Information Commissioner’s power to fine organisations up to £500,000 and dawn raid powers - already in place for the public sector and expected to come soon for the private sector - has meant this area has developed from a “nice to have” to a “must have”. Ignoring data protection issues carries a genuine threat of large fines, criminal offences and serious adverse PR.
The proposed new General European Data Protection Regulation ("GDPR"), which is on the horizon, is set to increase the level of fines further: up to 4% of an Organisation's annual worldwide turnover or EUR 20 Million, whichever is the greater.
Data Protection & Privacy Law matters which we can assist you with may include:
- Data Protection Compliance Audits, Privacy Impact Assessments & Compliance Implementation Plans
Carrying out detailed company-wide assessments or ICO privacy impact assessments of an Organisation’s data processing activities. These are usually carried out by designing relevant questionnaires, interviewing staff, reviewing current policies and procedures and compiling reports setting out compliance levels and recommendations on practical steps that are needed to address areas of risk and best practice.
- Compliant data transfer inside and outside the EEA
Advising on how to transfer information internationally by using, for example, the European Standard Contractual Clauses, Binding Corporate Rules, consent based transfers, Adequacy Self-Assessment or how to transfer data in a compliant way to the USA.
- Data Retention Audits & Policies
Carrying out company-wide assessments of an Organisation’s data retention needs by designing retention questionnaires, interviewing staff, reviewing current policies and procedures and compiling compliance reports. Drafting Data Retention Schedules to help ensure ongoing compliance on a practical level.
- Compliant e-privacy and direct marketing campaigns
Advising on how best to exploit your customer databases without breaching the raft of complex legislation (including the Data Protection Act and Privacy & Electronic Communications Regulations) governing these activities.
- Fair Collection Statements, Website Privacy Policies and Health Checks
Drafting or reviewing fair processing information / data collection statements and privacy policies as well as reviewing data collection forms and methods of obtaining compliant opt-in and opt-out consents.
- Assisting with regulatory investigations by the UK Information Commissioner and other regulatory bodies (such as the FCA, Charities Commission, Ofsted) concerning data protection and data security breaches and minimising risks of enforcement action
- Advising on data protection breach management generally including drafting data breach reports and submissions to the ICO and others
- Data Protection policies, handbooks and employment documentation
Drafting and reviewing data protection policies and procedures to ensure compliance with the legislation and best practice where appropriate.
- Data Processing Agreements
Where you are a data controller in relation to personal data held and you decide to appoint a data processor to carry out certain business functions for you (for example, payroll activities, contractors, call centres, mailing houses, debt collectors etc.), you are required by law to have a written agreement in place with that processor setting out certain key provisions. We can assist in drafting stand-alone agreements, clauses for insertion into your main agreement or side letters where existing contractual arrangements are already in place.
- Handling Subject Access Requests and Complaints
Assisting with the handling of and making of subject access requests and complaints in relation to data processing activities.
- Data Protection & Information Security
Advising on issues around information security from a non-technical IT perspective - particularly in the context of new technologies and ways of working (cloud computing and bring your own device systems (BYOD) etc.).
- Preparation for the introduction of the new European General Data Protection Regulation (GDPR)
Advising on the changes coming in the new GDPR and carrying out a gap analysis for organisations wishing to understand how well they are prepared for the new compliance measures that will need to be in place under the GDPR.
We are happy to discuss provision of a fixed-cost data protection helpline service to assist you with your day-to-day data protection queries.
- Advice on all other data protection projects and matters including:
  - Advising on data protection issues associated with any new business projects
  - Procurement of Data Protection compliant systems
  - Participating in or engaging with Big Data and Data Analytics Projects
  - Carrying out Privacy Impact Assessments
  - Advising on data protection issues in contracts and in corporate transactions
For more information about our experience in these areas of law, please see the Our Experience page.
Otherwise, please Contact Us to discuss your legal or consultancy requirements in more detail.