Data Protection and GDPR
Our Data Protection team work with businesses of all shapes and sizes in all industries and sectors. They focus on providing a professional service that helps clients achieve their goals, whether that be helping a new business ensure they are compliant or overhauling the existing procedures of a large company. You can rest assured that our team is knowledgeable and will invest their time and skills in your business to give you peace of mind.
Clients often ask us…
How does GDPR affect my organisation?
The GDPR will apply to every public and private sector organisation which deals with any data which can identify a living individual.
There are two types of data under the GDPR: “regular” personal data and “special category” (sensitive) personal data.
What changes does GDPR bring?
The reform will bring in or strengthen substantial requirements on organisations in relation to how they collect, process and retain data – some of the key elements include:
• The Right to be Forgotten
• The Right to Access
• Data Portability
• Privacy by Design
• Consent of the data subject
• Staff training
• Breach Notifications to the Information Commissioner's Office
• Substantial criminal and civil penalties for data breaches and non-compliance
What should my organisation be doing?
The Information Commissioner’s Office (ICO) has a clear message: Your organisation needs to be GDPR compliant by 25 May 2018.
Time is very much of the essence and in order to achieve compliance, your organisation needs to be fully aware of the requirements of the GDPR and have effective policies, systems and controls in place that fulfil the requirements which apply to your organisation.
In order to achieve that, often the best solution is to take specialist legal and procedural advice.
What happens if my organisation is not compliant?
The GDPR permits the ICO to investigate and prosecute organisations which fail to comply.
For the most serious of breaches, fines of up to €20 million or up to 4% of global turnover, whichever is higher, can be imposed.
For less serious breaches, fines of up to €10 million or up to 2% of global turnover, again whichever is higher, can be imposed.
Furthermore, the reputational damage is likely to be destructive and long lasting.
There is already recent case authority, as in the Morrisons' case, to show how serious the consequences of a breach of data protection laws could be for businesses.
How can Chattertons help?
We offer a full, tailored and holistic service to our clients and as such we have a number of Solicitors/specialists who can advise in relation to all data protection and GDPR matters.
If you would like any further details in relation to data protection and GDPR compliance, or if you would like to discuss your specific needs and requirements with a member of our specialist Data Protection Team, please contact your most convenient office, complete our online enquiry form on the right-hand side of this page or, if you would prefer, contact a team member directly.