Home / Media Centre / Blogs / GDPR – Need help?

GDPR – Need help?

Posted onJanuary 2018
Share this article
- Share this article on twitter
- Share this article on linkedin

LCF Law Solicitors | General Data Protection Regulation | keywords In May 2018 the General Data Protection Regulation (GDPR) will be fully in force, increasing the regulations surrounding the collection and processing of personal data. The GDPR will also greatly increase the potential penalties for non-compliance. James Sarjantson details the key actions you should be taking NOW to move towards GDPR compliance:

Review Information

Undertake an "information audit" to document:

The personal information that you hold (which could be the personal data of employees, clients, suppliers, etc);
How that personal data was collected;
With whom it is shared (which could include, for example, outsourced suppliers).

Remember, what matters here is personal data, i.e. any information relating to an identified (or identifiable) living person.

Lawful Basis of Processing

You need to consider, and identify in your data protection documentation, the lawful basis upon which you process all personal data. You must document the decision making and the policies and procedures you adopt to ensure compliance. The lawful bases for processing personal data are:

Consent;
Necessary for performance of a contract;
Legal Obligations (i.e. processing under a legal obligation to do so);
Vital Interests (i.e. necessary to protect the data subject's vital interests);
Public Interest (i.e. under official authority);
Legitimate Interests (this is likely to be a key basis for many businesses - this includes ordinary honest business practices and can include direct marketing, but must be balanced against the interests of the data subject concerned* ).

New GDPR standards will make it harder to rely on the data subject's "consent" to processing - for example in respect of your marketing activity. You should review how any consents were previously obtained and, if necessary, consider refreshing them or relying on another lawful basis of processing.

Update Privacy Policies

You will need to update and enhance your written privacy policies and notices. You need to tell people how their data will be used. For example, you now need to identify in those notices the basis on which you process personal data, and any data retention periods.

New Rights and Subject Access Requests

Individuals have new and enhanced rights in respect of their data. You should ensure that you have systems in place that allow you to swiftly locate all personal data you hold, so that you can respond to detailed subject access requests within the new (shorter) timescales, and if necessary to delete that data. Document how you comply with the principles below.
The New Data Protection Principles that you must comply with when processing ANY personal data are:

Lawfulness & Transparency (includes the requirement for privacy notices when collecting data);
Purpose Limitation (collect data for specific, identified purposes, and do not further process the data in any manner incompatible with these purposes);
Data minimisation (only keep what is relevant and necessary);
Accuracy (keep it up to date);
Storage Limitation (only keep it for as long as is necessary);
Integrity and confidentiality (appropriate technical/IT security measures).

Data Rights & Data Breaches

In the event of a data breach you may need to notify the data subject(s) concerned, and your supervisory data protection authority, within very short timescales. Policies and procedures will need to be in place to ensure you can do this.

LCF Law can provide a consulting service to advise and assist your internal teams to achieve GDPR compliance, as well preparing bespoke documentation to evidence your compliance.

(*and is subject always to the Privacy and Electronic Communications Regulations)

James Sarjantson | Commercial Lawyer | LCF Law Solicitors | Leeds This article was written by James Sarjantson. James is a Partner in our Corporate team and is based in Leeds.

James Sarjantson has dealt with Data Protection matters on behalf of clients for many years and is able to provide practical and commercial solutions to issues raised by the General Data Protection Regulations [GDPR], and to advise on the steps that businesses can take themselves to move towards compliance.

Further advice please contact James Sarjantson on 0113 201 0401 or ku.oc1714805656.fcl@1714805656nostn1714805656ajras1714805656j1714805656

Get in touch

Recommended by our clients

We as a family were looked after amazingly well.

M

M. Patchett
Everyone was brilliant and extremely helpful. Talked us through everything and gave us great advice

A

A. Stead
We’ve been with LCF for many years and you are always on the ball!
We always receive a warm welcome at reception from the “girls” and a very professional team dealing with clients.

S

S & C. Robinson
The service received from LCF was excellent and I couldn’t have asked for better lawyers to assist me in what I needed to have done. Amjed and Anisha are both assets to the firm.

I

I. Mir
We have used both conveyancing and personal law and have been extremely satisfied with both departments. We found staff to be professional and efficient and have recommended you to others based on our experience.

Y

Y. Grant
Ann Christian was brilliant and pleasant to work with.

A

A. Patel
Fabulous service through out the whole process.

N

N. Baldry
The whole process from start to finish was impeccable. Jo was truly amazing. Wouldn’t use any other law firm.

G

G Bray
I personally do not think you could improve on your service. My whole experience was excellent and I was made to feel at ease immediately starting with your receptionist. Ann was brilliant in explaining things to me and was very friendly and professional at all times. I would certainly recommend you to friends.

B

B. Chinque
I’ve used LCF for many years and no matter which department I have had to use the level of service has always been high.

C

C. Davitt