PRODUCT

CB Comply: DSAR & data breach response

who should you talk to? make an enquiry
who should you talk to?

Scroll Down

Getting in front of a data breach or data subject access request.

Much time has passed since the implementation of the GDPR and Data Protection Act (DPA) in 2018 and the Information Commissioner’s Office (ICO) has now started to show its teeth. Record fines have been issued to British Airways and the Marriott hotel chain and there will doubtless be more to follow.

Organisations should now have their ‘house in order’, in terms of data protection policies, procedures and security. However, even the most compliant of organisations will at some point be approached for a DSAR (Data Subject Access Request) or suffer a data breach. How your business deals with that breach or request could be the difference between a small ‘slap on the wrist’ and much more serious enforcement action, along with the painful damage to brand and reputation that can follow.

How Collyer Bristow can help:

Read more

DATA BREACH & DSAR RESPONSE

Compliance with the GDPR is not just about having the right policies and procedures in place, it is mainly about putting them into practice effectively and consistently. There are a few simple things that can be done to limit the risks for your business.

Download this page as PDF

Tips on maintaining the security of personal data while working from home

With offices mainly moving to remote working, it is important that employees are keeping vigilant to ensure the personal data being dealt with is kept secret and confidential and used for the proper purpose. Read our six tips to help manage the data protection risks whilst working outside the office.

Download data protection tips

More information

DATA BREACH RESPONSE

Data controllers may be required to report a data breach to the ICO without undue delay and, where feasible, not later than 72 hours after becoming aware of it. If faced with a data breach Collyer Bristow’s dedicated Data Protection Team can work with you to ensure that your response is handled correctly and within the time limits. We’ll advise whether the breach is serious enough to be reported to the ICO and/or data subjects and guide you through the notification process. Should the ICO issue enforcement actions against you we can advise you on how to respond and implement any remedial changes required to your policies and procedures.

Any data breach can cause reputational damage: misuse of data increasingly has serious consequences for a company’s image. A lost laptop, a disgruntled employee utilising data, or a mismanaged marketing campaign can seriously affect customer trust and public perception. With social media, the impact can be swift and difficult to mitigate. Our team can move quickly to help you build a response plan to limit the possible brand and reputational damage that can result from a serious breach.

Make an enquiry

DATA SUBJECT ACCESS REQUEST (DSAR) RESPONSE

Under the GDPR and DPA the rules governing the response to handling requests from individuals to access the personal data that you hold on them, known as a Data Subject Access Request (DSAR), have been tightened up. You must act on a DSAR without delay
and in most cases respond within one month. We can help you to put suitable policies and procedures in place and advise you on the practicalities of preparing a response which complies with the law.

Make an enquiry

DATA PROTECTION TRAINING

Policies and procedures are only effective if they are both familiar and well-understood. We can provide your management team, your compliance team and/or your sales and marketing team with bespoke training to advise them on a wide range of issues around GDPR and data protection, including all or some of the following:

  • Knowing what policies and procedures there are and what they say;
  • Identifying situations with a high risk of a data breach or a significant non-compliance;
  • Dealing efficiently with Data Subject Access Requests (DSARs) and other rights
    asserted by data subjects;
  • Responding quickly and effectively to a serious data breach;
  • Managing and minimising the reputation ‘fall-out’ following a major data breach;
  • Responding to enforcement actions and enquiries from the ICO;
  • Ensuring improved compliance with the GDPR and DPA.

Make an enquiry

More information

Select Option

DATA BREACH RESPONSE

DATA BREACH RESPONSE

Data controllers may be required to report a data breach to the ICO without undue delay and, where feasible, not later than 72 hours after becoming aware of it. If faced with a data breach Collyer Bristow’s dedicated Data Protection Team can work with you to ensure that your response is handled correctly and within the time limits. We’ll advise whether the breach is serious enough to be reported to the ICO and/or data subjects and guide you through the notification process. Should the ICO issue enforcement actions against you we can advise you on how to respond and implement any remedial changes required to your policies and procedures.

Any data breach can cause reputational damage: misuse of data increasingly has serious consequences for a company’s image. A lost laptop, a disgruntled employee utilising data, or a mismanaged marketing campaign can seriously affect customer trust and public perception. With social media, the impact can be swift and difficult to mitigate. Our team can move quickly to help you build a response plan to limit the possible brand and reputational damage that can result from a serious breach.

Make an enquiry

DATA SUBJECT ACCESS REQUEST (DSAR) RESPONSE

DATA SUBJECT ACCESS REQUEST (DSAR) RESPONSE

Under the GDPR and DPA the rules governing the response to handling requests from individuals to access the personal data that you hold on them, known as a Data Subject Access Request (DSAR), have been tightened up. You must act on a DSAR without delay
and in most cases respond within one month. We can help you to put suitable policies and procedures in place and advise you on the practicalities of preparing a response which complies with the law.

Make an enquiry

DATA PROTECTION TRAINING

DATA PROTECTION TRAINING

Policies and procedures are only effective if they are both familiar and well-understood. We can provide your management team, your compliance team and/or your sales and marketing team with bespoke training to advise them on a wide range of issues around GDPR and data protection, including all or some of the following:

  • Knowing what policies and procedures there are and what they say;
  • Identifying situations with a high risk of a data breach or a significant non-compliance;
  • Dealing efficiently with Data Subject Access Requests (DSARs) and other rights
    asserted by data subjects;
  • Responding quickly and effectively to a serious data breach;
  • Managing and minimising the reputation ‘fall-out’ following a major data breach;
  • Responding to enforcement actions and enquiries from the ICO;
  • Ensuring improved compliance with the GDPR and DPA.

Make an enquiry

View our CB Comply: DSAR & data breach response Lawyers:

Patrick Wheeler

Patrick Wheeler

Partner - Head of IP & Data Protection

Talk to Patrick about Intellectual property disputes & Data protection & Digital & Intellectual property & Manufacturing

Related content

“It would be a mistake for organisations to get complacent about the GDPR, the ICO has very real powers and is starting to take a tough line.”

Patrick Wheeler

Collyer Bristow LLP

close

CB Comply: DSAR & data breach response Key contact

Patrick Wheeler

Partner - Head of IP & Data Protection

+44 20 7470 4432

+44 7786 962089

patrick.wheeler@collyerbristow.com

View Patrick's profile View profileNeed more information? Make an enquiry
×

Need some more information?

Make an enquiry



    Want to talk to someone? talk to Patrick now

    Subscribe

    Please add your details and your areas of interest below

    Specialist sectors:

    Legal services:

    Other information:

    Jurisdictions of interest to you (other than UK):



    Message us on WhatsApp (calling not available)

    Please note that Collyer Bristow provides this service during office hours for general information and enquiries only and that no legal or other professional advice will be provided over the WhatsApp platform. Please also note that if you choose to use this platform your personal data is likely to be processed outside the UK and EEA, including in the US. Appropriate legal or other professional opinion should be taken before taking or omitting to take any action in respect of any specific problem. Collyer Bristow LLP accepts no liability for any loss or damage which may arise from reliance on information provided. All information will be deleted immediately upon completion of a conversation.

    I accept Close

    Close
    Scroll up

    Find out about Business

    Find out about Dispute Resolution

    Find out about Individuals & Families

    Find out about Real Estate

    We are Collyer Bristow - The law firm for those that
    value individuality, creativity and collaboration.

    Legal & Pricing info Regulatory InformationAccessibilitySitemapPricing and service information

    Listen to our latest podcast: Budget Miniseries: Impacts on Families with US Connections (Part 1)

    Listen to our latest podcast: Cracking the Code on Directors’ Service Agreements

    Read our latest article: Economist, or just economical with the truth? How can employers respond to ‘fake claims’ on a CV?

    Listen to our latest podcast: Autumn Budget 2024 Special (Part 2)

    Read our latest article: ‘Promoting the integrity of the register’: The new Companies House approach to non-compliance

    ExpandNeed some help?Toggle

    < Back to menu

    I have an issue and need your help

    Scroll to see our A-Z list of expertise

    Get in touch

    Get in touch using our form below.



      Business Close
      Private Wealth Close
      Hot Topics Close