The landscape of data protection is increasingly important, to businesses and to individuals. Barely a week goes by without a data or privacy story leading the news. The General Data Protection Regulation (GDPR) is now in place, and both EU and non-EU entities must understand its implications and be ready to comply with the rules.
GDPR reaffirms and enhances, sometimes significantly, the rights of citizens and consumers to access their data electronically, to have it corrected or deleted and to scrutinise data processing. The potential penalties for non-compliance have also risen sharply, requiring proper judgement and design to be applied to data collection, and rapid notification if data is lost. But data is also a strategic issue – choosing what data to collect, how to use it, and how to protect it can bring great benefits; the value of a business can be greatly increased by good data practice.
We advise our clients on how best to achieve their strategic objectives whilst complying with an evolving regulatory regime. We can highlight gaps in compliance and explain how to implement the policies and procedures needed, as well as dealing with any incidents that may occur.
Our group comprises data protection experts as well as non-lawyer cyber security specialists, allowing us to give the full spectrum of advice. The GDPR regime means both process and technology changes and we can guide our clients through, from initial data audit and ongoing compliance to industry standard benchmarking techniques. We also offer a Virtual DPO service for organisations that are required to appoint a Data Protection Officer but may not have the capability in-house.
GDPR explained in three short films:
Each data protection strategy will be unique to the given business or personal situation. The first step is a conversation with our team who will map out the best solution. Depending on the outcome of this assessment and the maturity of existing measures, we will recommend a combination of the following: