Our Service

Data protection law requires organisations to demonstrate compliance.

This can be difficult to achieve without having in place appropriate policy documentation and written protocols or operating procedures which evidence understanding and promote adequate data protection practices.

All businesses should review whether they have adequate documentation in place to reassure the regulator, consumers, employees and third parties that appropriate measures have been taken to ensure compliance. Many third parties and business partners will, through their own due diligence, require a statement confirming compliance in order to enter into or continue commercial relationships.

What are the data processing recordkeeping requirements?

Most businesses will be required to keep a formal record of their regular data processing activities. The much-talked-about small employer exemption is narrow and, in any event, it will be difficult for a business to demonstrate compliance if it does not hold an inventory of the personal data it holds and processes. A data processing record must include, amongst other details, full details of the categories of data processed, the basis for such processing and details of the security measures in place.

What policies and procedures do we need to put in place?

When must a data protection impact assessment be completed?

Most businesses will be required to keep a formal record of their regular data processing activities. The much-talked-about small employer exemption is narrow and, in any event, it will be difficult for a business to demonstrate compliance if it does not hold an inventory of the personal data it holds and processes. A data processing record must include, amongst other details, full details of the categories of data processed, the basis for such processing and details of the security measures in place.

What privacy notices must be issued?

All data subjects about whom your business processes personal data should be issued with a formal Privacy Notice which is compliant with GDPR requirements. Such notices include details of the processing, its purposes and legal basis, retention periods and details of the data subjects' rights. Privacy Notices should be included in employee documentation and consumer terms and conditions, and published on your business website.

What terms and conditions do we need to put in place?

Meet Our Specialists

Whether home-grown or recruited from national, regional or City firms, our specialists are experts in their fields and respected by their peers.

Joanne Henderson

Jo is a Partner in both our Employment and Compliance departments.

Carla Murray

Carla is a Partner in our Corporate Commercial department.

David Jones

David is a Solicitor in our Employment department.

Terry Moore

Terry is a Solicitor in our Corporate Commercial department.