Data Protection Compliance and Assurance

Our Services

Why Data Protection Matters

If you employ staff, provide services or goods to individuals, customers, market to them, operate a charity, run a membership organisation, or operate CCTV, (to give just a few examples) then you will be involved in the processing of personal data and you will need to comply with the law.

Processing covers a wide range of activities such as collecting personal data, considering, or storing it, sharing it, or erasing or destroying it.

Personal data means information that relates to [is ‘about’] a living individual.

The law exists to prevent harm to individuals. It sets out how personal data should be processed to protect individuals from harm.

Getting it wrong can lead to  complaints to you, followed by a complaint to the personal data watchdog- the Information Commissioner’s Office (‘ICO’), enforcement action (including potential ‘fines’) and even claims for compensation. Your reputation may also be affected.

Organisations, whether they are what the law refers to as ‘Data Controllers’ or ‘Data Processors’ are obliged to comply with the UK version of the General Data Protection Regulation (‘GDPR’) as well as the Data Protection Act 2018 when processing personal data. Other laws exist such as the ‘Common Law’ Duty of Confidence, the Human Rights Act 1998 and the Privacy and Electronic Communication Regulations (‘PECR’) of 2003 -concerned with the use of ‘Cookies’ in websites and electronic marketing to individuals.

As well as complying with UK law if you provide goods or services to individuals in Europe (or monitor their behaviour) then you will have to comply with the European GDPR. You may also need to appoint a representative for your organisation in Europe.

If you are an overseas organisation and you again offer goods/ services or monitor the behaviour of UK citizens, then you may need to appoint a UK representative. DPA/OK can perform this role for you.

DPA/OK can help you process personal data properly and in accordance with the law.

Information Security and data protection are different but linked. It is a requirement of the GDPR to keep personal data confidential, to preserve its ‘integrity’ and to ensure it is available for use when needed.

For an organisation to meet this requirement they should conduct a risk assessment. This process requires organisations to know what personal data (and other information) they hold and to recognise its sensitivity or criticality to the organisation. There also needs to be an assessment of what threats there are to that information, the identification of any security vulnerabilities within the organisation as well as the chances of something untoward happening and, if they did, the consequences. DPA/OK can help you with this process and the identification of any measures deemed necessary to do away or reduce risk.

DPA/OK is based in the West Midlands but advises organisations throughout the UK and overseas.

Click on the links above or below to find out more about us, the services we offer and how we can help you.

Please contact us to arrange a free no obligation telephone discussion.

DPA/OK - Data Protection Compliance, Information Security & Legal Services in and around Wolverhampton
U

Gap Analysis / Auditing

~

Data Protection Officer

s

Data Breach Service

Software Licensing

Information Security

Legal Services

Documentation

Marketing To Individuals

i

Compliance

Training

b

Data Subject Right Service

w

GDPR Representatives

Please contact us to arrange a free no obligation telephone discussion.

Frequently Asked Questions

What Is Personal Data?
Any information that relates to an identified or identifiable individual. It can be ordinary or ‘special category’ such as that about race, ethnicity, health etc.
What Level Of Support Do You Offer?
As little (from a discussion over the phone) or as much (to on- site support) as you need. This can either be a one- off or an ongoing retainer.
What Is The GDPR?
It is an Europe wide law that tells ‘data controllers’ (organisations that determine what is done with personal data and how it is handled) how they should treat the personal data of individuals.  Failures to abide by the GDPR can lead (at worst) to fines and claims for compensation by individuals.
Do I Legally Need A Data Protection Officer?
In certain situations yes.  These are where you are a) a public authority, b) you process (as a core activity) lots of ‘special category’ personal data or that about criminal convictions and offences or c) again as a core activity you are involved in large scale monitoring of individuals.  Even if you are not legally required to have a DPO it is good practice to appoint someone to be responsible for ‘informing and advising’  top management of the organisations legal obligations and monitoring organisational compliance.
What Sort Of Training Do You Provide?
Organisations are required to demonstrate that they comply with the GDPR. If employees process personal data then they need to know what they should or should not be doing when handling personal data.   Employees are also often the weak link when it comes to information security so again they need to know what to watch out for. Training can cover both of these areas.
Why Might I Need A Specialist Data Protection Lawyer?
Data protection is, like many areas of law, a speciality and by choosing a specialist you are more likely to get the right advice.   Please see our legal services page for further information as to our offering.