Why should we care about GDPR compliance?
Protect your profits: We have all heard about the potential (eye-watering) fines for non-compliance with data protection laws – up to 4% of a business’s annual worldwide turnover or €20m, whichever is the higher.
Protect your reputation: More importantly, we have seen the negative press coverage when organisations get it wrong, which can be very damaging to an organisation’s reputation and goodwill (British Airways and Marriott International come to mind!).
Compliance is a sell: Good data governance is increasingly a requirement in invitations to tender (ITTs), and demonstrable compliance is an easy sell to potential customers.
12 steps to GDPR compliance
The Information Commissioner’s Office (ICO) publishes a handy 12-step checklist that sets out the essential steps a business should take to ensure compliance with the GDPR.
How can we help?
Our specialist team of solicitors can help organisations – both controllers and processors – to ensure full compliance with data protection law, and can do so in a number of ways to suit your business’s needs, such as:
Auditing and Data Mapping
To work towards compliance, you need to know where you currently stand. We can perform a data protection audit to identify any compliance gaps in your processes and recommend solutions in a ‘traffic light’ coded action plan.
As part of this process, we help clients to ‘map out’ their data flows, which form the basis of an organisation’s record of processing activities. The audit therefore does not just tell you where the gaps are; it also produces the first deliverable you need on the way to compliance.
Training and Workshops
Key to compliance is awareness.
We can provide online training for employees and managers on a subscription basis, a useful way of reaching large audiences quickly at a time and place that is convenient to them.
We can also provide interactive face-to-face training (on- or off-site) to allow staff to ask questions and work through practical examples. This training can be a general overview of data protection, or we can provide specific tailored workshops for your market sector and on key issues such as, for example, responding to subject access requests, dealing with personal data breaches, drafting GDPR-compliant contracts, fundraising, direct marketing, etc.
Template and Tailored Documents
We have a number of template guidance tools, policies, procedures and contracts that we can offer and tailor to your organisation’s functions, including:
- Legal basis flowcharts
- Privacy notice checklists and privacy notices
- Direct marketing/fundraising flowcharts
- DPO advice note and questionnaire
- Template Data Protection Impact Assessment (DPIA)
- Data protection policy and privacy standard
- Personal data breach policy and procedure documentation
- Procedure for data subjects’ rights
- Guidance tools for determining roles of parties
- Data processor GDPR checklist
Tailored Advice and Assistance
We can also provide advice and assistance on all matters related to data protection and privacy. We have assisted a number of clients in various sectors with tailored advice on many practical areas, including:
- Subject access requests
- Personal data breaches
- Direct marketing
- Monitoring and tracking employees
- Internal transfers
- Data sharing arrangements
- International transfers
We can assist on all matters relating to international transfers, whether these take place within a group structure or simply as part of an ongoing business relationship.
We can help you ensure that your international transfers are carried out lawfully, for example by advising on Standard Contractual Clauses or on the EU-US Privacy Shield (note that the Privacy Shield was invalidated by the Court of Justice of the EU in the Schrems II judgment of July 2020 and can no longer be relied on as a transfer mechanism). Should your business require guidance on particular jurisdictions, we can obtain it for you through our network of global data protection experts.