Data Protection Law Solicitors
Data Protection & GDPR
Every business is likely to hold a large amount of ‘personal data’ about individuals – both clients and staff. If it is possible to identify an individual from the data you hold, then that data is likely to be either ‘personal data’ or ‘sensitive personal data’ (as defined in the current Data Protection Act 1998), and needs to be treated in a particular way. With the introduction of the EU’s General Data Protection Regulations (“GDPR”), the definition of personal data is widening and you have to be more careful in the way you handle it. A breach of the GDPR can leave you facing large fines from the Information Commissioner’s Office. Worse still, it can leave you with a severely damaged reputation. We have an experienced lawyer who can provide the advice and guidance to make sure you comply with the regulations, so that your business name and reputation are known for all the right reasons.
What Do You Need to Have in Place?
- Data Privacy Manager – somebody to oversee and ensure that personal data is properly protected
- Lawfulness – establish the lawful reason for holding ‘personal data’ and make sure this has been explained to the individuals in clear and intelligible language
- Policy and procedure – it is important to have all the necessary policies and procedures in place to protect the rights of individuals
- ‘Privacy Impact Assessment’ – be aware of when you might need to conduct an assessment in the future
- ‘Information Register’ – keep a register listing all the data you hold, how it is handled, all the policies you have, and what measures you have in place to ensure individuals’ rights are protected