Welcome to DPA/OK

As our name suggests we exist to help both public and private sector organisations comply (and to stay compliant) with data protection law.

The law applies to personal data i.e. information that relates to  living individuals, for example, employees, customers or service users.

The law will change on 25 May 2018 when the General Data Protection Regulation (‘GDPR’) comes in to force.  This regulation will need to be read alongside a new Data Protection Act.

If you process personal data either as a data controller or as a data processor then you must comply with these laws.

Other ‘data protection’ laws exist such as the privacy regulation (again due to be amended) that deals with matters such as text, and email marketing and the use of ‘cookies’

Finally, codes of practice (such as what you are expected to tell individuals when you collect/ receive their information, data sharing, proper use of CCTV etc.) will have to be considered. These codes are issued by the Information Commissioner (“ICO”) who oversees and enforces data protection here in the U.K.

Six principles underlie GDPR and an organisation must comply with them.

The principles (simplified) are:

(a)  to process people’s information lawfully, fairly and in a transparent manner;

(b)  to only collect information for specified, explicit and legitimate purposes.  Once you have it do not further process it in a way that is incompatible with the original purposes;

(c) to ensure that the information you collect/ hold is adequate, relevant and limited to what is necessary;

(d)  to ensure the information you hold is accurate and, where necessary, kept up to date;

(e) to keep it in a form which permits identification of the person concerned for no longer than is necessary, and,

(f)  to take appropriate technical and organisational measures to keep information ‘safe’ i.e. to prevent unauthorised or unlawful processing or accidental loss, destruction or damage.

 

Under GDPR an organisation that processes personal data must be able to demonstrate that they comply with the above principles.

Failure to uphold the principles or other breach of the regulation may lead to a fine of up to 4% of your annual worldwide turnover or 20 million euros – whatever is greater.

Click on the links above or below to find out more about us, the services we offer and how we can help you.

Please contact us to arrange a free no obligation initial discussion.

We offer advice in the following areas:

Audits
Documentation
Data Protection Officer
GDPR Readiness Assessment
GDPR Support
Training

Cyber Security

Please contact us to arrange a free no obligation initial discussion

 

Contact us