Compliance as a competitive advantage.
As technology has advanced in recent years data, and specifically personal data, has become a central component of the vast majority of businesses. At the same time, a more strictly regulated legal framework has developed around privacy and data protection. Regardless of size or location, businesses must ensure they are collecting, storing and using individuals’ personal data lawfully. Whilst it may seem onerous, good data privacy practice is and will continue to be crucial for your business from both a regulatory and reputational perspective, and strong compliance can give you a competitive advantage.
If you are uncertain of your current compliance position or think there may be areas still to be addressed and improved, you need advisers who can devise a practical and effective compliance strategy for your business now and moving forward.
Our Data Protection team supports SMEs across a wide range of industries in ensuring compliance with data protection legislation, including the GDPR and Data Protection Act 2018. We offer a range of services, including:
- An assessment of your business to evaluate your current policies and procedures and identify any failures in compliance;
- Helping you to create and implement a pragmatic compliance programme, tailored specifically to your business and aligned with your commercial objectives;
- If a data breach does occur, or if you receive subject access requests, our DSAR and breach response support will assist you to deal with the incident swiftly and efficiently, ensuring the least possible disruption to your business and your clients; and
- Providing training for staff and/or management to ensure that data protection issues and potential issues can be recognised and dealt with before they become major challenges to your business.
See below for a wide range of downloadable tools to support your GDPR compliance.
What to do if a data breach occurs
Under the GDPR the rules on reporting a data breach which results in a risk to an individual’s rights and freedoms are very strict. Failure to report may incur a fine of up to €10 million or 2 % of your company’s global turnover, or other sanctions.
How to respond to a Data Subject Access Request
Under the GDPR, data subjects have the right to access their own personal data held by an organisation. You must act on the Data Subject Access Request (DSAR) without undue delay and at the latest within one month. Failure to reply or a delay beyond one month without good reason may lead to a complaint to the Information Commissioner’s Office.