The General Data Protection Regulation (GDPR), described as the biggest ever overhaul of data protection legislation, is arriving on 25 May 2018. GDPR impacts on all organisations that handle personal data of UK and EU individuals be they clients, employees or suppliers. Indeed, GDPR has a global impact with organisations from Silicon Valley to Australia, including those with no physical presence in the EU, now taking urgent action to ensure full compliance in time for May 2018. It is the most significant EU law in decades. Our experienced solicitors provide prompt, efficient and cost-effective advice on a full spectrum of data protection issues and can guide you towards compliance with GDPR.

Content divide

Areas of Expertise

We offer a number of services including:

  1. direct training in the form of presentations to staff;
  2. data protection health checks appropriate to the size and nature of your business;
  3. drafting a full range of policies including Data protection policies, data protection impact assessments, data retention policies, privacy notices, consent notices etc.;
  4. advice on complying with data subject rights such as dealing with subject access requests;
  5. drafting bespoke data sharing / transfer agreements.

One of the new legal obligations is to provide training to all staff who deal with personal data. We have introduced a GDPR E-learning course which assists organisations in complying with the new legal requirement to provide training to staff who deal with personal data.   This is a very convenient and inexpensive E-Learning training module that ticks the training box. The E-Learning course is designed to be simple and accessible and can be viewed on desktop or mobile devices at any time. You can have a look at one of the GDPR E-Learning modules by clicking on the link below. The first module is unlocked for open viewing.

Why us

Under GDPR the potential fines have increased from a maximum of £500,000 to €20 million euro or 4% of global annual turnover (whichever is the higher).

Under Article 39 of GDPR it is one of the responsibilities of the data protection officer to “monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits”.

The ICO has stated that to demonstrate compliance “you must implement appropriate technical and organisational measures that ensure and demonstrate that you comply. This may include internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies”.

With the implementation of GDPR it is more important than ever to ensure that your policies and procedures are up to date and your staff are trained on the requirements of data protection legislation. We are here to guide you through this process

Our Experience

Michael Black was recently involved in dealing with the Information Commissioner’s Office on behalf of a Subject Access Request issued to a school. This request covered both DPA and FOI issues.

Aisling Byrne has advised a number of clients on FOI and DPA issues and along with Michael Black, she has also provided training on these areas.

Michael King and Nathan Campbell have experience of conducting DPA and FOI audits on behalf of clients in the private, public and third sectors.