Our Data Protection and UK GDPR team advises on all aspects of the UK General Data Protection Regulation (UK GDPR), data protection compliance, Freedom of Information Act (FOIA) and delivers dynamic and practical advice to technology and digital businesses.
Ensuring that your technology business and its staff understand the duties and obligations of those with responsibility for this data is an essential part of any successful business.
Our data protection team advises on all aspects of the data protection legislation, including the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. In addition, the team provides advice relating to data protection compliance, Freedom of Information Act (FOIA), Data Subject Access Requests (DSARs), and delivers dynamic and practical advice.
Assessing current UK GDPR compliance and devising an action plan for implementation of various aspects of the data protection legislation, including the adoption of appropriate policies and procedures and dealing with freedom of information and other information requests
Providing bespoke training to organisations regarding compliance with the UK GDPR and other data protection legislation
Assisting with and handling DSARs including technical application of exemptions and redactions
Assisting with breaches of data security, including liaising with the ICO in respect of data breach reports and complaints made to it by individuals who allege misuse of their personal data
Assisting with and handling requests made to public authorities under the Freedom of Information Act 2000
Drafting and advising on contractual agreements for the provision of data processing and data sharing
Advising on contractual clauses in commercial agreements to ensure the relevant data protection clauses are included
Drafting and providing advice in relation to Data Protection Impact Assessments, Legitimate Impact Assessments and Records of Processing Activities
Conducting data protection and freedom of information audits
Providing advice and support with regards to sending and receiving marketing communications.
As Data Protection and UK GDPR often tie in with Information Technology policies and agreements, we also offer a range of other services for your business.
Our data protection team offers practical and competitive support packages to provide specialist advice to your existing Data Protection Officer and/or organisation via the following offers:
DPO Support retainer; or
Fully outsourced DPO retainer
For one fixed price, which can be paid monthly, quarterly, or annually, your organisation will receive dedicated support and advice whenever needed, to provide assurance that your organisation is meeting its compliance requirements. The range of services offered differs depending on retainer type; however, the data protection team provides the following services as standard across both products:
Review of existing data protection policies and procedures
Responsive telephone and email advice
Advice relating to Data Processing Agreements
Advice relating to DPIAs
Advice relating to personal data breaches
Advice relating to DSARs
Advice relating to investigations by the ICO
Regular updates on changes to the law.
Quotations are based on the specific needs of your technology or digital business. The factors considered are the size of the business and the amount of personal data held within it.
What is a Data Processing Agreement (DPA) and who needs one?
A DPA is a legally binding contract between parties concerning the processing (as defined in the UK GDPR) of the personal data that is subject to the contract. This is typically between a controller (a party that makes decisions on how and why personal data is used) and a processor (a party that processes personal data according to the controller’s instructions).
What should we do if there’s a data breach?
Notify the ICO without undue delay and no later than 72 hours after becoming aware of the breach, if you deem the breach is likely to result in a risk to the rights and freedoms of individuals. If you deem such a risk to be high, you also need to notify the individuals affected without undue delay.
How often should we review our data policies and practices?
This can be organisation-specific and can depend on a few factors such as changes to personal data practices, but typically, every 1-2 years.
Do we need a Data Protection Officer (DPO)?
It depends. If any of the following (as taken from the ICO) applies to you then yes, otherwise a more considered assessment is needed:
you are a public authority or body (except for courts acting in their judicial capacity);
your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.
How should we respond to a Subject Access Request (SAR)?
A simplified and brief process for responding would be:
If required, seek ID verification and clarification on what personal data is requested specifically
Acknowledge within one month of receipt
Ensure redactions and exemptions are applied
Then provide the personal data (with relevant redactions applied) to the requester with supplementary information as required by data protection law.
0800 689 3206 - Monday - Friday: 09:00 - 17:00