At Clarkslegal we have a team of lawyers who can provide both organisations and individuals with practical and pragmatic advice on all issues of data protection. Data protection is a topic which attracts vast media attention, so compliance is key from a commercial and reputational angle.
With the General Data Protection Regulation (“GDPR”) coming into effect from 25 May 2018 and the Data Protection Bill passing through Parliament, the obligations on organisations will be much greater and penalties for non-compliance significantly higher.
For businesses that outsource their personal data to third parties, we can draft and advise on agreements for how personal data is to be outsourced and referred to in the relevant commercial agreements.
We can also advise on negotiating indemnities within commercial agreements relating to data protection and any data protection breaches.
Our team can review your data protection policies and privacy notices to ensure that they meet the increased hurdle being introduced by the GDPR. We can analyse your data protection systems and ensure your organisation will be compliant with the GDPR.
For businesses, we can guide you through the process of fulfilling your legal obligations under Subject Access Requests, including how to conduct a search for an individual’s personal data, how to collate the results (including determining what constitutes personal data and issues surrounding third party data and redaction) and how to respond to an individual with their results. We also have an external team of HR consultants who can assist on complex subject access requests.
For individuals, we can help you find out exactly what data the company holds on you, for what purpose it holds such data and who has access to such data. If it is breaching its duties in respect of your data we can advise you on your rights.
Individuals have various rights surrounding their data and these are set to increase under the GDPR. These include the right to ask for their personal data to be deleted (commonly referred to as the “right to be forgotten”), the right to object to profiling and the right to data portability (enabling the individual to obtain a copy of their personal data in a commonly used and machine-readable format). We can advise businesses and individuals on these rights.
Our team has wide experience in responding on behalf of clients to complaints received from the ICO to mitigate the risks once complaints come in and we can help guide you through the investigation process. With fines under the GDPR set to rise to the higher of 4% of global company turnover or €20 million (£18 million under the Data Protection Bill to be introduced) and reporting of breaches to the ICO within 72 hours to be mandatory in almost all circumstances, it is key that organisations mitigate the risks of any penalties for breaches.
We can help in drafting data protection policies, privacy notices and contracts (such as data protection clauses in contracts of employment) to comply with organisations’ various obligations under the data protection legislation.
Clarkslegal has provided a series of webinars exploring into the basics and complexities of data protection. Clarkslegal solicitors will take you through the steps you can take to navigate the minefield that is data protection. Catch up on the latest webinars below: