We use cookies to track usage of our site. Details of these can be found on our Cookie Policy. You may choose to decline all tracking cookies, but if you do some key features may not work as expected.

Home / Expertise / Compliance and regulatory / GDPR

GDPR

The new legislation came into effect 25th May 2018. From this point on all companies from SMEs to international corporations which handle personal data relating to individuals in the EU must comply with the GDPR.

This means companies will be accountable for the “processing” (a term that covers every act in relation the data such as obtaining, storing, moving, backing up, deleting) of any  data that is capable of identifying a living individual, regardless of how this data is collected, sent, processed and stored. The data must be protected, and protection has to be verified.

The GDPR applies to any organisation that has control over personal data as well as those that process personal data on behalf of another organisation.

" ... very helpful and informative workshop on GDPR. Having previously read official documentation, your workshop brought it all to life and gave a much deeper insight."

Trica Pearson, Webmoco PreviousNext

Our expertise

Understand the impact of the GDPR >
The digital economy >
Are you compliant? >

Understand the impact of the GDPR

Many organisations haven’t fully understood the impact these changes will have and are not sufficiently prepared to implement the changes needed to be compliant. The complexities of the GDPR mean a ‘one size fits all’ approach may leave organisations at risk of a breach.  

It is critical to any business that they are aware of, and have a plan to deal with personal data. The costs of not complying with the GDPR are high. Financially, a business can face fines of up to 4% of annual turnover or 20 million euros, whichever is the higher.

The digital economy

It’s not all about fines. The new regulation seeks to acknowledge that data is a key currency in business. In the data-driven world we now live in, the benefits and opportunities presented to organisations by having personal data are unparalleled. The GDPR looks to ensure there are clear rules on the use of, and protection of that valuable data. 

"Claire Halle-Smith gave me superb advice and assistance as to the process, drafting of all correspondence and the final response and applying relevant exemptions. Claire's support was invaluable and I went on to recommend Wright Hassall to several other societies"

Steve Richardson, Chairman of a national society

Are you compliant?

It’s important your organisation looks ahead to GDPR and lays the foundations to ensure compliance. Your approach should include:

  • Reviewing the GDPR guidance.
  • The assessment of your data processing activities.
  • Highlighting the systems and processes using data, and for what purpose.
  • Identifying current compliance measures and procedure.
  • Implementation of internal procedures.
  • Creating a GDPR compliance gap analysis.
  • Designing and implementing a set of compliance guidelines, or building on guidelines already in place.
  • Executing any technical or procedural changes needed.
  • Designing and implementing training programmes.
  • Monitoring compliance.

How can we help?

Our team of GDPR specialists offer the following services:

  • An audit of your organisation to help identify what data you hold, the purposes for which you process that data, the current measures you have in place to comply with data protection legislation and where the key risks of non-compliance are.
  • Reviewing your existing contracts with employees, contractors and suppliers to identify whether they address data protection and, more specifically, the GDPR.
  • Varying your existing contracts so that they address the changes brought about by the GDPR and adequately protect you going forward.
  • Advising you on steps to take to comply with privacy by design requirements for new technology projects.
  • Drafting of applicable policies and procedures to support compliance with the new regime.
  • Whether you are a data processor or a data controller under a particular contractual arrangement, we can advise you on what your obligations are under the current data protection regime and how these will change once the GDPR comes into force.
  • What due diligence you should be carrying out when looking to engage a third party as a data processor.
  • Tailored training on what the GDPR will mean for your business and what steps you can take towards meeting the requirements of the legislation.
  • Data breach incident response support and advice.
  • Advice on responding to subject access requests, guidance around applicable procedures to ensure requests are managed and risk of confidential information being disclosed is mitigated.

Our people

Patrick McCallum - Commercial Contracts Law Solicitor
Patrick McCallum

Senior Associate
Claire Halle-Smith - Data Protection Lawyer
Claire Halle-Smith

Legal Director

Related services

Compliance Button Data protection and privacy
Commercial Button Commercial contracts
Manufacturing Button Outsourcing and technology

 

 

Recent articles

Commercial contract law banner
May 17th, 2024 What is the Data Protection and Digital Information Bill?

The Data Protection and Digital Information Bill (No. 2) (Bill) was introduced to Parliament on 8 March 2023. The Bill ...

Read article
Commercial contract law banner
February 9th, 2023 Does accessing personal data on your work device while abroad constitute an international transfer of personal data?

If your employees are regularly accessing work emails and documents while abroad, you need to be clear that any such act...

Read article
Commercial contract law banner
November 24th, 2022 Data Protection: security breach results in £4.4m fine for Interserve

The Information Commissioner's Office (ICO) has issued a fine of £4,400,000 to Interserve Group Ltd (Interserve) for bre...

Read article