Welcome to DPA/OK
As our name suggests we help organisations to take the steps they need to comply (and to stay compliant) with data protection law.
The law applies to the ‘processing’ of personal data i.e. information that relates to identified or identifiable living individuals, for example, employees, customers or service users.
If you process personal data then you must comply with the General Data Protection Regulation (the ‘GDPR’) and the Data Protection Act 2018
Other ‘data protection’ laws exist such as the Privacy and Electronic Communications Regulations which deal with electronic marketing (text, email etc.) and the use of ‘cookies’ on websites. These laws are enforced by the Information Commissioner (“ICO”)
Under the GDPR an organisation that processes personal data must comply with the following (simplified) principles:
(a) to process [collect, use, store, share, delete etc.] people’s personal information lawfully, fairly and in a transparent manner;
(b) when collecting their information be clear about how it will be used, use it for legitimate purposes only and in a way the person would reasonably expect;
(c) to ensure that the personal information you collect/ hold is adequate, relevant and limited to what is necessary;
(d) to ensure the personal information you hold is accurate and, where necessary, kept up to date;
(e) keep the personal information in a form which enables you to identify the person for just as long as you need to, and,
(f) to take appropriate technical and organisational measures to keep information ‘safe’ i.e. preventing unauthorised or unlawful processing or accidental loss, destruction or damage.
Under the GDPR an organisation that processes personal data must be able to demonstrate that they comply with the above principles.
Failure to comply with the GDPR may lead to a significant fine of up to 4% of your annual worldwide turnover or 20 million euros – whatever is greater. People whose privacy rights have been infringed can also claim compensation. In addition the Data Protection Act 2018 makes certain conduct criminal such as deliberately destroying personal information to prevent an individual accessing it or the accessing or sharing of personal information without the controller’s permission.
Click on the links above or below to find out more about us, the services we offer and how we can help you.
Please contact us to arrange a free no obligation telephone discussion.