What is GDPR?
GDPR (General Data Protection Regulation) is EU legislation that has been incorporated into the UK’s data protection law, including the Data Protection Act 2018.
GDPR governs how organisations collect, store and protect people’s personal data.
Personal data is information that identifies an individual. This includes their name, date of birth, gender, address, email address, phone number, medical records, internet protocol address (IP address) and more.
The 7 Principles of GDPR
There are 7 GDPR principles that organisations must follow:
- Lawfulness, fairness and transparency. Personal data must be collected and stored fairly and legally. Your organisation must tell people (data subjects) how you will use their personal data.
- Purpose. Personal data you collect must only be used as you have told data subjects it will be. If you would like to change the way you use personal data, we can advise you on the correct steps to take.
- Data minimisation. Only personal data that is relevant and necessary to your organisation must be stored and collected. You must only collect data that you have told data subjects you will collect and nothing more.
- Accuracy. The personal data you collect must be accurate and up-to-date. Data that is incorrect or out-of-date must be deleted.
- Storage. You must only keep personal data for as long as you have told data subjects you will keep it. Data must not be kept longer than is necessary for the purposes you have explained to them.
- Confidentiality. Personal data must be stored securely and confidentially. Every possible measure must be taken to avoid a data breach.
- Accountability. You must show that you comply with the 7 principles of GDPR through your policies and procedures.
Are you compliant?
Our solicitors at Parkinson Wright can assist you in conducting data protection audits to ensure your organisation is continually compliant with GDPR.
An audit will be tailored to your organisation’s specific requirements, but we are likely to look at:
- Whether your data protection policies and procedures require changes.
- Whether you have lawful grounds under Article 6 of the GDPR for processing personal data. Lawful grounds are:
  - Individuals’ consent.
  - Performance of a contract.
  - Compliance with a legal duty.
  - Protecting an individual’s interest.
  - Protecting the public’s interest.
  - Legitimate interests of the organisation (except when the interests, rights and freedoms of the data subject override this interest).
- Whether additional assessments are needed for areas where processing data is high risk.
- Your organisation’s knowledge of data protection and whether there is a requirement for further training.
- How your organisation manages an individual’s right to be forgotten and to have their data rectified. Under Article 17, individuals have the right to request that their personal data is erased. This right only applies in specific circumstances, however.
- Your organisation’s procedures regarding accuracy and retention of data.
- Whether adequate security measures are in place to prevent data breaches; this includes technical and organisational measures.
- Practices for sharing data with third parties and the legal basis for transferring data.
How we can assist you to comply with GDPR
Parkinson Wright data protection solicitors can help your organisation to comply with data protection and privacy law.
- Review contracts with employees, contractors and suppliers to ensure compliance. Contracts must clearly communicate how you expect third parties to comply with GDPR and how your organisation complies with GDPR. This helps to prevent data breaches and protects your organisation in the event of a data breach by a third party.
- Manage a data breach. In the event of a certain type of data breach, you must notify the ICO (Information Commissioner’s Office) immediately. We will advise you whether a breach must be reported or not and how to manage the process. If the ICO is investigating your organisation, our specialist data protection team has the knowledge and experience to assist you.
- Draft data protection policies and procedures. Under principle 7 of the GDPR, your policies and procedures must communicate how you comply with GDPR. We can advise you on the policies and procedures you need and help you draft policies and procedures, such as Terms and Conditions, tailored to your organisation.
- Advise on individuals’ data rights. People have certain rights to control their personal data under GDPR, including the right to see their personal data. We can explain what those rights are, how they affect your business, and how to manage subject access requests.
- Help you manage complaints from individuals and regulators. If you receive a complaint from an individual or the ICO is investigating your organisation, we can advise you on how to manage this professionally and sensitively. We aim to keep disruption to your business to a minimum.
- Advise on moving data out of the EEA. Under the GDPR, there are restrictions on moving data outside the EEA. At a time when businesses are increasingly outsourcing processes such as marketing to organisations abroad, this is particularly relevant.
- Advise on sharing data with other businesses. We can review and draft contracts to make sure they contain data protection clauses that protect your organisation. We can also advise you about the legal basis for sharing personal data with third parties under GDPR.
Why choose Parkinson Wright GDPR lawyers?
Our experienced data protection solicitors advise businesses of all types and sizes across the UK. We can get to know your business and support you to comply with GDPR to reduce the risk of an ICO investigation and expensive fines.
We also have the expertise to advise you on the right strategy to follow if a data breach occurs and a claim is made against your organisation.
Parkinson Wright solicitors have several accreditations, so you can rest assured you will receive expert legal advice and the highest level of customer service.
Solicitors Regulation Authority: Regulated and authorised by the Solicitors Regulation Authority (SRA).
Lexcel Quality Mark: We have achieved the Law Society’s Lexcel Legal Practice quality mark, which sets the standard for client care.
Get in touch
We offer a Free Initial Assessment, so you can call us without charge or obligation for GDPR legal advice.
To arrange your Free Initial Assessment at a time convenient to you, please call 01905 401 893.