GDPR Requirements UK
Our GDPR lawyers can advise you not only on the legal framework of the GDPR but also on the practical implications and challenges you may face when trying to ensure your company remains compliant. Having assisted with the firm’s own internal process to become GDPR compliant, as well as those of our clients, our GDPR lawyers have first-hand experience of the challenges faced and practical insights into ensuring compliance. We believe that this practical knowledge from our GDPR lawyers will be invaluable in ensuring that your company’s process to maintain compliance is as smooth as possible.
The General Data Protection Regulation (GDPR) came into effect in the UK on 25 May 2018, strengthening existing legislation and creating new requirements for companies that control or process personal data. Our Quick Guide from our GDPR lawyers (The General Data Protection Regulation: A quick guide) sets out the full requirements and detail of the GDPR, including the difference between data processors and controllers, their respective obligations, and the individual’s rights. Your business should already be meeting GDPR requirements, but our team of GDPR lawyers can help ensure that you maintain this compliance going forward.
Steps to be taken
It is important that your company is currently meeting the GDPR requirements that were introduced in May 2018, and that you continue to maintain compliance. If you're not able to carry out the necessary steps, our GDPR lawyers can help you:
1. Carry out an audit of what personal data you hold and how you process it, and understand your ongoing record-keeping obligations and the use of Privacy Impact Assessments for that purpose.
2. Check whether your contracts with data processors (in particular) contain GDPR compliant data protection clauses.
3. Ensure your business meets the GDPR standard for protecting personal data from a technological and organisational standpoint.
4. Ensure your marketing initiatives are GDPR compliant - particularly whether the consent wording used to collect email address data sets for direct marketing is GDPR-compliant.
5. Ensure you have a GDPR-compliant data breach policy, privacy policy, set of terms of business and data retention policy.
6. Ensure that you comply with the new data subject rights (such as the right to have all personal data an organisation holds on you permanently erased - 'right to be forgotten').
7. Identify whether you are required to appoint a Data Protection Officer and, if so, whom you might appoint (the required qualifications are quite high).
8. Take certain key steps to mitigate the potential impact of an ICO audit.
If you would like to further discuss any of the information detailed above with our team of GDPR lawyers, please contact Joanne Gallagher, Head of Corporate & Commercial on 01322 623708 or at joanne.gallagher@ts-p.co.uk.