Solutions-focused advice on the General Data Protection Regulation (GDPR)
About GDPR
The General Data Protection Regulation (GDPR) is the European Union’s data protection regime, which came into effect in May 2018.
- It has a wide territorial scope – it applies not only to organisations with a physical presence in EU member states, but also to entities located anywhere in the world, if they are processing personal information about, or monitoring the behaviour of, EU citizens.
- GDPR also introduces vastly increased fines. The maximum fine for a serious infringement is 4% of annual worldwide turnover, or €20 million, whichever is the greater. Therefore even a smaller organisation could potentially face an administrative fine of up to €20m.
- Organisations to which GDPR applies must, if they are not themselves established in an EU member state, formally designate a representative established within the EU for GDPR compliance. It is easy for the data protection authorities to check whether or not you have done this, and there are only limited exceptions to the rule. Following Brexit, this obligation will potentially also apply to UK-based entities and to any organisations that trade with the UK: they’ll need to appoint a UK Representative if they have no physical base in the UK.
How we can help your organisation
When you work with us, we’ll always look at the ‘big picture’ for your business – so the solutions we give you will be both practical and commercial.
We can help you with:
- Acting as your Article 27 EU Representative through our affiliate company, Willans Data Protection Services. Find out whether your organisation needs to appoint an EU representative.
- Acting as your UK Representative – find out whether you need to appoint a UK representative
- Gap analysis and advice on remedial actions
- Data audits and compilation of Article 30 records (legally required records of your data processing activities)
- Developing your data protection policies, procedures and privacy notices
- Advice on measures to be taken to ensure GDPR compliance when transferring data out of the EU
- Data protection impact assessments – to be undertaken when new processes or technologies are introduced which might affect the rights and freedoms of data subjects
- Drafting agreements (which are legally required) to regulate your relationship with other entities who may be processing personal data on your behalf, or on whose behalf you may be processing personal data.
A stand-out choice
What makes us a stand-out choice from other law firms with expertise in this area is how we work with our affiliate company to provide a full suite of data protection services. Together, we can act as your Article 27 EU Representative, or UK Representative, depending on your requirements.