We’ve helped hundreds of solicitors, barristers, legal advisers and business managers to manage their obligations in relation to GDPR. Our advice is given in a holistic way that takes into account upcoming changes in privacy rules as well as your obligations under GDPR alone.
Our specialist team will help you to understand your current position by carrying out a data audit and gap analysis and then assist with preparing and implementing a plan to address these issues. This could involve, for example, reviewing and updating policies and outsourcing arrangements and contracts.
Policies and practices update
The General Data Protection Regulation forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The main provisions of this became applicable, like the GDPR, from 25 May 2018.
When you buy goods and services, or sometimes even just visit a website, the organisations you deal with may collect information and data about you. This might include your name, address, and date of birth. This type of data, which is capable of identifying a living individual, is called ‘personal data’.
Organisations may even include things like the school you went to, the job you do, details about your partner or family or the sorts of things you view or buy online. Like it or not, many organisations, including councils, hospitals, travel companies, banks and supermarkets hold data about you. We have for some 20 years had the Data Protection Act provisions to protect people from an abuse of their personal data.
The GDPR adds in a new range of personal identifiers, reflecting changes in technology and the way companies gather data today. Online identifiers, such as your IP address, are now included within the definition of personal data.
The challenge for all businesses has been and continues to be, how they manage that data and how they come to terms with the provisions of the GDPR and how it changes their business practices. Clearly we all want our data to be protected and held safely where it must be held and again we would prefer that it is not retained for longer than is necessary. These are relatively simple concepts however it becomes more complicated when you start to loo at how your organisation collects data.
On first sight it may appear a relatively simple issue as it is all relatively logical. Collect the data you need, keep it safe and destroy it when you no longer need it. Unfortunately once you start to look a little more closer the implementation of the GDPR becomes considerably more complex in its application. Once you start to identify the type of data that you hold and where it is held it becomes clear that the penetration into your systems and storage is considerable and in order to track its movement it quickly becomes apparent that “mapping” the course of this important information is no simple process.
The mapping process helps a business to understand what is held and where it is both held and potentially send in the event that it leaves the business. We are already potentially too busy in running or day jobs to be able to spend time implementing these processes, and arguably it is more cost effective for you to do what you do best and earn money for your business rather than spending considerable periods of time work outside of your comfort zone on tasks that you have less understanding of.
Legal Eye has a team of experts who specialise in assisting businesses achieve the appropriate level of compliance with the GDPR in order to protect their customers and businesses.
For more on GDPR requirements contact us .