Data Protection Compliance, Legal Services & Information Security
Our Services
DPA/OK helps organisations comply with data protection law and keep information safe.
Why Data Protection Matters
If you employ staff, run a school, have individuals as customers, market to individuals, operate a charity, run a membership organisation, operate CCTV or carry out research involving individuals (to give just a few examples), then you will be involved in the processing of personal data. Processing covers a wide range of behaviours, such as collecting personal data, considering it, storing it, sharing it, or erasing or destroying it. Personal data means information that relates to [is ‘about’] a living individual.
The law sets out how personal data should be processed in order to prevent harm to individuals. Getting it wrong can lead to complaints, reputational damage, action by the personal data watchdog and even claims for compensation.
Organisations, whether they are what the law refers to as ‘Data Controllers’ or ‘Data Processors’, are obliged (from 1 January 2021) to comply with the UK version of the General Data Protection Regulation (‘GDPR’) as well as the Data Protection Act 2018 when processing personal data. Other laws exist, such as the Privacy and Electronic Communication Regulations (‘PECR’) of 2003, which are concerned with the use of ‘Cookies’ in websites and electronic marketing to individuals.
As well as complying with UK law, if you provide goods or services to individuals in Europe (or monitor their behaviour) then you will have to comply with the European GDPR. You may also need to appoint a representative for your organisation in Europe. DPA/OK can assist you with this.
If you are an overseas organisation and you offer goods/services to, or monitor the behaviour of, UK citizens, then you may need to appoint a UK representative. DPA/OK can perform this role for you.
DPA/OK can help you handle personal data properly and in accordance with the law.
Information Security and data protection are different but linked. It is a requirement of the GDPR to keep personal data confidential, to preserve its ‘integrity’ and to ensure it is available for use when needed. In order to meet this requirement, an organisation should conduct a risk assessment. This process requires organisations to know what personal data (and other information) they hold and to recognise its sensitivity or criticality to the organisation. There also needs to be an assessment of what threats there are to that information, the identification of any security vulnerabilities within the organisation, as well as the chances of something untoward happening and, if it did, the likely consequences. DPA/OK can help you with this process and the identification of any measures deemed necessary to do away with or reduce risk.
DPA/OK can also draft and review agreements for organisations who are involved in the development (including how to protect it) and licensing of software and sales or purchases of hardware.
DPA/OK is based in the West Midlands but advises organisations throughout the UK and overseas.
Click on the links above or below to find out more about us, the services we offer and how we can help you.
Please contact us to arrange a free, no-obligation telephone discussion.