Home / Media Centre / Blogs / GDPR – Need help?

GDPR – Need help?

Posted onJanuary 2018
Share this article
- Share this article on twitter
- Share this article on linkedin

LCF Law Solicitors | General Data Protection Regulation | keywords In May 2018 the General Data Protection Regulation (GDPR) will be fully in force, increasing the regulations surrounding the collection and processing of personal data. The GDPR will also greatly increase the potential penalties for non-compliance. James Sarjantson details the key actions you should be taking NOW to move towards GDPR compliance:

Review Information

Undertake an "information audit" to document:

The personal information that you hold (which could be the personal data of employees, clients, suppliers, etc);
How that personal data was collected;
With whom it is shared (which could include, for example, outsourced suppliers).

Remember, what matters here is personal data, i.e. any information relating to an identified (or identifiable) living person.

Lawful Basis of Processing

You need to consider, and identify in your data protection documentation, the lawful basis upon which you process all personal data. You must document the decision making and the policies and procedures you adopt to ensure compliance. The lawful bases for processing personal data are:

Consent;
Necessary for performance of a contract;
Legal Obligations (i.e. processing under a legal obligation to do so);
Vital Interests (i.e. necessary to protect the data subject's vital interests);
Public Interest (i.e. under official authority);
Legitimate Interests (this is likely to be a key basis for many businesses - this includes ordinary honest business practices and can include direct marketing, but must be balanced against the interests of the data subject concerned* ).

New GDPR standards will make it harder to rely on the data subject's "consent" to processing - for example in respect of your marketing activity. You should review how any consents were previously obtained and, if necessary, consider refreshing them or relying on another lawful basis of processing.

Update Privacy Policies

You will need to update and enhance your written privacy policies and notices. You need to tell people how their data will be used. For example, you now need to identify in those notices the basis on which you process personal data, and any data retention periods.

New Rights and Subject Access Requests

Individuals have new and enhanced rights in respect of their data. You should ensure that you have systems in place that allow you to swiftly locate all personal data you hold, so that you can respond to detailed subject access requests within the new (shorter) timescales, and if necessary to delete that data. Document how you comply with the principles below.
The New Data Protection Principles that you must comply with when processing ANY personal data are:

Lawfulness & Transparency (includes the requirement for privacy notices when collecting data);
Purpose Limitation (collect data for specific, identified purposes, and do not further process the data in any manner incompatible with these purposes);
Data minimisation (only keep what is relevant and necessary);
Accuracy (keep it up to date);
Storage Limitation (only keep it for as long as is necessary);
Integrity and confidentiality (appropriate technical/IT security measures).

Data Rights & Data Breaches

In the event of a data breach you may need to notify the data subject(s) concerned, and your supervisory data protection authority, within very short timescales. Policies and procedures will need to be in place to ensure you can do this.

LCF Law can provide a consulting service to advise and assist your internal teams to achieve GDPR compliance, as well preparing bespoke documentation to evidence your compliance.

(*and is subject always to the Privacy and Electronic Communications Regulations)

James Sarjantson | Commercial Lawyer | LCF Law Solicitors | Leeds This article was written by James Sarjantson. James is a Partner in our Corporate team and is based in Leeds.

James Sarjantson has dealt with Data Protection matters on behalf of clients for many years and is able to provide practical and commercial solutions to issues raised by the General Data Protection Regulations [GDPR], and to advise on the steps that businesses can take themselves to move towards compliance.

Further advice please contact James Sarjantson on 0113 201 0401 or ku.oc1701691231.fcl@1701691231nostn1701691231ajras1701691231j1701691231

Get in touch

Recommended by our clients

The whole process from start to finish was impeccable. Jo was truly amazing. Wouldn’t use any other law firm.

G

G Bray
I personally do not think you could improve on your service. My whole experience was excellent and I was made to feel at ease immediately starting with your receptionist. Ann was brilliant in explaining things to me and was very friendly and professional at all times. I would certainly recommend you to friends.

B

B. Chinque
I’ve used LCF for many years and no matter which department I have had to use the level of service has always been high.

C

C. Davitt
Both Clare and Amber have been very helpful and professional throughout and we’re very grateful for all their patience and kindness.

R

Rebecca Rushton
I was very satisfied with my experience with LCF Law. Having a new business, I was guided through a contractual process with support and a very down to earth approach.
I would highly recommend the firm and wouldn’t hesitate to get in touch in the future.

K

K. Davison
I have been extremely impressed by the care and attention given to various queries I have raised over time. I have confidence that I have a very good solicitor and have indeed recommended her to other people. I feel my affairs are in safe hands!

R

Rebecca Cecilia Phillips
Cathy Cook was excellent – met all deadlines without fail & where required was happy to take calls outside of normal office hours.

A credit to your organisation.

J

J. Rogerson
Excellent service throughout the whole process!

H

H. Morgan
This is the first time I have used LCF Law. The service and advice I received were exemplary. I was able to proceed with my project far more quickly than anyone expected.

J

J. LEIGHTON
Very happy with the service received, we are very confident knowing James Sarjantson has our back.

N

N. Eagleton