Legal advice on data protection that’s perfectly in tune with your business
No matter where your organisation is on its GDPR journey, we can provide you with a comprehensive solution or help you out with certain aspects of data protection law.
Data is now a key business asset, but is also subject to heightened EU regulation, with wide global territorial scope. Regulatory authorities have the power to impose hefty fines, or even to order the suspension of data processing altogether.
Our specialist GDPR and data protection solicitors will make the effort to get to know your business, using this knowledge to create workable solutions to any kind of GDPR compliance challenge you may face.
Solutions-focused advice on the General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is the European Union’s data protection regime which came into effect in May 2018.
It has a wide territorial scope– it applies not only to organisations with a physical presence in EU member states, but also to entities located anywhere in the world, if they are processing personal information about, or monitoring the behaviour of, EU citizens.
GDPR also introduces vastly increased fines. The maximum fine for a serious infringement is 4% of annual worldwide turnover, or €20 million, whichever is the greater. Therefore even a smaller organisation could potentially face an administrative fine of up to €20m.
Organisations to which GDPR applies must, if they are not themselves established in an EU member state, formally designate a representative established within the EU,for GDPR compliance. It is easy for the data protection authorities to check whether or not you have done this, and there are only limited exceptions to the rule. This obligation will potentially apply also to UK-based entities, following Brexit, and to any organisations that trade with the UK, they’ll need to appoint a UK Representative if they have no physical base in the UK.
Acting as your UK Representative – find out whether you need to appoint a UK representative
Gap analysis and advice on remedial actions
Data audits and compilation of Article 30 records (legally required records of your data processing activities)
Developing your data protection policies, procedures and privacy notices
Advice on measures to be taken to ensure GDPR compliance when transferring data out of the EU
Data protection impact assessments – to be undertaken when new processes or technologies are introduced which might affect the rights and freedoms of data subjects
Drafting agreements (which are legally required) to regulate your relationship with other entities who may be processing personal data on your behalf, or on whose behalf you may be processing personal data.
We always take the time to get to know your business. Find out who we work with.
Técnicas Reunidas UK Ltd
Técnicas Reunidas group is a leading international engineering and construction company for oil and gas production, refining and petrochemicals and power generation projects.
It ranks among the top three oil and gas engineering and construction companies in Europe and among the top 10 in the world.
The Chartered Governance Institute is a division of the global professional body for governance, which operates under the same name. Previously known as the Institute of Chartered Secretaries and Administrators (ICSA), the Institute provides qualifications, training and guidance to members and governance professionals all over the world.
Cheltenham Festivals is a charity which produces innovative, world-class content across science and the arts. Its programmes reach out year-round and culminate at the internationally-acclaimed Jazz, Science, Music and Literature Festivals, with the aim of engaging everyone in science and the arts.
A trendy, independent sushi bar in the heart of Cheltenham takes on the theme of Japan’s finest canteen-style dining and has captured the attention of many a food blogger & award giver both nationally, and locally.
We often hear of businesses lamenting the cost of GDPR compliance, but as the bedding-in period passes and national supervisory authorities such as the UK’s Information Commissioner’s Office (ICO) tighten…