Data Protection Compliance, Legal Services & Information Security

DPA/OK helps organisations comply with data protection law and keep information safe.

01902 229817

Send A Message

david@dpa-ok.co.uk

Why Data Protection Matters

If you employ staff, run a school, have individuals as customers, market to individuals, operate a charity, run a membership organisation, operate CCTV, carry out research involving individuals (to give just a few examples) then you will be involved in the processing of personal data. Processing covers a wide range of behaviours such as collecting personal data, considering, or storing it, sharing it or erasing or destroying it. Personal data means information that relates to [is ‘about’] a living individual.

The law sets out how personal data should be processed in order to prevent harm to individuals. Getting it wrong can lead to complaints, reputational damage, action by the personal data watchdog and even claims for compensation.

Organisations, whether they are what the law refers to as ‘Data Controllers’ or ‘Data Processors’ are obliged (from 1 January 2021) to comply with the UK version of the General Data Protection Regulation (‘GDPR’) as well as the Data Protection Act 2018 when processing personal data. Other laws exist such as the Privacy and Electronic Communication Regulations (‘PECR’) of 2003 -concerned with the use of ‘Cookies’ in websites and electronic marketing to individuals.

As well as complying with UK law if you provide goods or services to individuals in Europe (or monitor their behaviour) then you will have to comply with the European GDPR. You may also need to appoint a representative for your organisation in Europe. DPA/OK can assist you with this.

If you are an overseas organisation and you again offer goods/ services or monitor the behaviour of UK citizens then you may need to appoint a UK representative. DPA/OK can perform this role for you.

DPA/OK can help you handle personal data properly and in accordance with the law.

Information Security and data protection are different but linked. It is a requirement of the GDPR to keep personal data confidential, to preserve its ‘integrity’ and to ensure it is available for use when needed. In order for an organisation to meet this requirement they should conduct a risk assessment. This process requires organisations to know what personal data (and other information) they hold and to recognise its sensitivity or criticality to the organisation. There also needs to be an assessment of what threats there are to that information, the identification of any security vulnerabilities within the organisation as well as the chances of something untoward happening and, if they did, the likely consequences. DPA/OK can help you with this process and the identification of any measures deemed necessary to do away or reduce risk.

DPA/OK can also draft and review agreements for organisations who are involved in the development (including how to protect it) and licensing of software and sales or purchases of hardware.

DPA/OK is based in the West Midlands but advises organisations throughout the UK and overseas.
Click on the links above or below to find out more about us, the services we offer and how we can help you.

Please contact us to arrange a free no obligation telephone discussion.

DPA/OK - Data Protection Compliance, Information Security & Legal Services in and around Wolverhampton

U

Gap Analysis

~

DPO Services

s

Data Breach Service



Software Licensing



Information Security



Legal Services



Documentation



Marketing To Individuals

i

Compliance



Training

b

Data Subject Right Service

w

Representatives & Brexit

Please contact us to arrange a free no obligation telephone discussion.

Frequently Asked Questions

Ask A Question

What Is Personal Data?

Any information that relates to an identified or identifiable individual. It can be ordinary or ‘special category’ such as that about race, ethnicity, health etc.

What Level Of Support Do You Offer?

As little (from a discussion over the phone) or as much (to on- site support) as you need. This can either be a one- off or an ongoing retainer.

What Is The GDPR?

It is an Europe wide law that tells ‘data controllers’ (organisations that determine what is done with personal data and how it is handled) how they should treat the personal data of individuals. Failures to abide by the GDPR can lead (at worst) to fines and claims for compensation by individuals.

Do I Legally Need A Data Protection Officer?

In certain situations yes. These are where you are a) a public authority, b) you process (as a core activity) lots of ‘special category’ personal data or that about criminal convictions and offences or c) again as a core activity you are involved in large scale monitoring of individuals. Even if you are not legally required to have a DPO it is good practice to appoint someone to be responsible for ‘informing and advising’ top management of the organisations legal obligations and monitoring organisational compliance.

What Sort Of Training Do You Provide?

Organisations are required to demonstrate that they comply with the GDPR. If employees process personal data then they need to know what they should or should not be doing when handling personal data. Employees are also often the weak link when it comes to information security so again they need to know what to watch out for. Training can cover both of these areas.

Why Might I Need A Specialist Data Protection Lawyer?

Data protection is, like many areas of law, a speciality and by choosing a specialist you are more likely to get the right advice. Please see our legal services page for further information as to our offering.