The protection of personal data has never been so important for businesses, regardless of their sector or scale. The rise in the number of high-profile data breaches making the headlines has put organisations under intense scrutiny when it comes to how they handle personal information.
The General Data Protection Regulation (GDPR) set a new standard for the processing of European citizens’ personal information. The GDPR was implemented in the UK by the Data Protection Act 2018 and has been in force since 25th May 2018. The implementation of these new rules has led to consumers being much more aware of how their data is used. The strict new rules for the collection, processing, sharing and storing of personal data place significant responsibilities on all organisations that deal with the personal information of individuals. The consequences of failing to comply are substantial, both in terms of reputational damage and the fines that can be levied.
Whilst a significant element of GDPR compliance builds on best practice that most businesses will have already implemented under existing law, there are now also significant additional burdens, including new requirements related to the rights of individuals over their personal data and the timescales for reporting data breaches. The level of responsibility will also vary depending on whether your organisation is classed as a Data Controller or Data Processor. For many businesses, there will be a requirement to appoint a Data Protection Officer (DPO).
As well as adherence to acceptable practices, a key requirement for compliance with data protection law is the implementation of robust audits, record keeping and impact assessments, for which the use of an independent expert from outside the organisation can be beneficial.
In addition to providing comprehensive support for all matters concerning GDPR, we are also able to assist clients with ongoing legal issues arising from actions taken by the Information Commissioner’s Office (ICO).
Here at nexa law, our data protection lawyers are able to provide advice and support across a wide range of areas including:
- Legal support for your designated DPO;
- GDPR training and guidance at every level of the business;
- Conducting or overseeing data audits in order to create accurate and appropriate data protection records and privacy notices;
- Reviewing, drafting and monitoring key data protection policies, procedures and precedents to ensure GDPR compliance, such as privacy notices, DPIAs, data breach procedures and subject access guidance;
- Reviewing website compliance;
- Reviewing and updating data processing agreements to ensure they fulfil the required obligations at all times;
- Providing advice on correct handling of subject access requests, including issues such as document reviews and redactions;
- Advice and support for data breaches;
- Legal representation for matters involving the Information Commissioner’s Office.
Unlike a traditional law firm, our experts have the flexibility to work with you exactly when and where you need them, and thanks to our flexible approach to fees, we offer extremely competitive pricing. Get in touch today to find out more.