In May 2018 the General Data Protection Regulation (GDPR) will be fully in force, increasing the regulations surrounding the collection and processing of personal data. The GDPR will also greatly increase the potential penalties for non-compliance. James Sarjantson details the key actions you should be taking NOW to move towards GDPR compliance:
Undertake an "information audit" to document:
Remember, what matters here is personal data, i.e. any information relating to an identified (or identifiable) living person.
Lawful Basis of Processing
You need to consider, and identify in your data protection documentation, the lawful basis upon which you process all personal data. You must document the decision making and the policies and procedures you adopt to ensure compliance. The lawful bases for processing personal data are:
New GDPR standards will make it harder to rely on the data subject's "consent" to processing - for example in respect of your marketing activity. You should review how any consents were previously obtained and, if necessary, consider refreshing them or relying on another lawful basis of processing.
Update Privacy Policies
You will need to update and enhance your written privacy policies and notices. You need to tell people how their data will be used. For example, you now need to identify in those notices the basis on which you process personal data, and any data retention periods.
New Rights and Subject Access Requests
Individuals have new and enhanced rights in respect of their data. You should ensure that you have systems in place that allow you to swiftly locate all personal data you hold, so that you can respond to detailed subject access requests within the new (shorter) timescales, and if necessary to delete that data. Document how you comply with the principles below.
The New Data Protection Principles that you must comply with when processing ANY personal data are:
Data Rights & Data Breaches
In the event of a data breach you may need to notify the data subject(s) concerned, and your supervisory data protection authority, within very short timescales. Policies and procedures will need to be in place to ensure you can do this.
LCF Law can provide a consulting service to advise and assist your internal teams to achieve GDPR compliance, as well as preparing bespoke documentation to evidence your compliance.
(*and is subject always to the Privacy and Electronic Communications Regulations)
James Sarjantson has dealt with Data Protection matters on behalf of clients for many years and is able to provide practical and commercial solutions to issues raised by the General Data Protection Regulations [GDPR], and to advise on the steps that businesses can take themselves to move towards compliance.
For further advice, please contact James Sarjantson on 0113 201 0401 or jsarjantson@lcf.co.uk