Data protection - Are you compliant?
by Amy Peacey, Clarke Willmott
The UK data protection regime comprises the UK GDPR (the retained EU law version of the General Data Protection Regulation), along with the Data Protection Act 2018.
Data protection legislation in the UK was overhauled in 2018, with enhanced obligations being placed on businesses to protect personal data.
At the time most businesses took the steps necessary to comply with the requirements - but the question for business owners now is whether your business is still compliant? Have you revisited the documents you implemented in 2018 to ensure that they are still relevant to your business?
Have you considered the following questions, particularly if your business has grown or taken a new direction:
Do you need to appoint a data protection officer?
Have you identified the controller(s) of the personal data both within your organisation or those with whom you work?
Have you identified the processor(s) of personal data both within the organisation and those with whom you ask to process data on your behalf? Do you have the necessary Data Processing Agreements in place with your processors? This will include those who provide your IT support services, HR support and advice, payroll services, for example.
Have you established and made a record of the appropriate lawful base for each processing activity that you undertake for your customers and employees?
Do you have in place and have you reviewed the organisation’s privacy notifications for example, to employees and customers regarding your processing activities?
Do you carry out data protection impact assessments (DPIAs) on relevant business processes, systems and products to ensure compliance with UK GDPR requirements?
Do you know what your obligations are if there is a data breach within your organisation?
Do you provide and maintain a training programme for employees with access to personal data within the organisation to ensure compliance?
If you have answered “no” to any of the above or if you are unsure of your response, please contact me on 0345 209 1329 or Amy.Peacey@clarkewillmott.com
Clarke Willmott is a national law firm with offices in Birmingham, Bristol, Cardiff, London, Manchester, Southampton and Taunton. For more information visit www.clarkewillmott.com
Amy Peacey is a partner in the corporate and commercial team at Clarke Willmott.