General Data Protection Regulation
GDPR (General Data Protection Regulation) is everywhere, but what do you actually need to do?
Major changes to data protection and privacy laws will come into force this year and organisations will need to be prepared.
The new Regulations apply from 25 May 2018 so there is still time to get things done - but not enough time to ignore the need to make changes.
There are some onerous obligations, many of which will take time to prepare for, so action does need to be taken immediately.
B P Collins’ corporate and commercial partner Alex Zachary and employment associate Hannah Kiing are already helping a number of clients and can assist you to ensure you are ready in time for the change.
Some of the areas changing are:
- Increased enforcement powers for the Information Commissioner
- Consent as a legal basis for processing will become harder to obtain
- New requirements regarding Data Subject Access Requests
- Strict new data breach notification rules
- A risk-based approach and privacy by design obligations
- The introduction of a new “right to be forgotten” for data subjects
- New obligations for data processors
- Companies with over 250 employees will need to maintain detailed documentation
The penalties for breaching the new data protection laws could cripple a company, with fines of up to 4% of annual turnover or 20 million Euros, so it would be prudent to contact our team now to reduce the risk of your business falling foul of the rules in the future.
We provide advice about the action your business needs to take and can help you shape your future policy, with all advice being tailored for your business.
We offer a wide range of flexibly priced GDPR services including:
- Briefing your senior management team to raise awareness of the GDPR;
- Helping you to audit your organisation’s data and processing activities, developing a plan for carrying out the work and making the changes needed to meet the GDPR’s requirements;
- Reviewing your legal documents, including your data protection policy and record-keeping processes, privacy notices, consent forms, terms and conditions of business and data transfer documentation;
- Undertaking HR audits in relation to GDPR;
- Reviewing, drafting or updating employee handbooks, contracts and privacy notices;
- Training your in-house GDPR project team and giving them on-going legal support to help with their preparations;
- Helping you develop or update staff policies and training programmes for staff - a critical part of demonstrating compliance under the GDPR;
- Helping you prepare and negotiate contracts with your customers and suppliers that involve data processing and comply with the new rules.