Complying with the new regime
What is involved?
The General Data Protection Regulation (GDPR) came into effect on 25th May 2018 – bringing about the most fundamental change in data protection law in a generation. Its purpose is to protect the rights of individuals and the security of their data. This new regime impacts every business, public authority and non-commercial organisation in the UK. Not complying with the GDPR will have heavy consequences.
The GDPR introduces far heavier fines (up to €20 million) for organisations which do not follow the new requirements for valid consent.
Key changes include:
- Far heavier fines – up to €20million or 4% of worldwide turnover (whichever is higher)
- New and stricter requirements for valid consent
- More extensive compliance requirements for all agreements involving personal data
- Compulsory reporting of data breaches and strict time limits for doing so
- In some cases, a duty to appoint a data protection officer
- New data subject rights, and changes to the rules dealing with subject access requests
- Data processors being directly liable for breaches of the law
Strict requirements for privacy policies and notices
- A requirement to carry out privacy impact assessments in some situations.
GDPR won’t stop your business in its tracks, but you should be doing things differently to avoid breaking the law.
Why choose Freeths?
- We can guide you through a long, complex process with site visits, tailored training and helplines
- Our specialist data protection lawyers are frequent speakers at trade events and GDPR conferences
- We can support your GDPR compliance processes with model contracts, documents and clear policies
- Charity-specific – we have particular expertise with assisting non-profit organisations with GDPR
We know the GDPR can seem overwhelming. Our specialist lawyers have helped numerous clients put in place the effective policies, contracts and procedures required to avoid fines and reputational damage.
We can advise on new data subject rights and changes to the rules dealing with subject access requests. Our lawyers can explain how the introduction of data processor liability affects your supply chain and how to manage this. If you haven’t already, you probably need new (or revised) contracts, privacy policies/notices, and we can help with those too. In addition, we run training seminars and workshops for clients and provide them with guidance and templates documents.
Whether you have questions about international data transfers, direct marketing or profiling – we offer a full spectrum of services to get your organisation fully compliant with the GDPR.
Charities and the non-profit sector will also benefit from our specialist knowledge; we understand the issues of moving to opt-in communications and the challenges that entails.
Get in touch with our experts now to see how we can help you get your organisation with GDPR issues.
0845 404 4143
0845 070 3810
0845 050 3617
0845 077 9626
01865 781 004
0845 166 6347
Data – How to stop employees taking your data and what do you do?Articles 12th Sep 2019
Data – How should businesses go about protecting their data?Articles 11th Sep 2019
Consent for direct marketing must be specificArticles 10th Sep 2018
"Freeths have provided us with excellent support on our EU GDPR project. They responded to our need for specialist GDPR advice as we prepare to meet the requirements of the new legislation. Their dedication and support has been much appreciated."
(Valentine Steadman, Corporate and Legal Services Manager - The Royal Society for the Protection of Birds)
"Freeths' IT team is active on website, software, data protection, cloud computing and outsourcing matters. Deryck Houghton is experienced across the board."
(The Legal 500)
"I have had the pleasure of working with Deryck Houghton on a wide range of contentious and non contentious legal matters. I have always found that Deryck provides friendly, helpful and pragmatic legal advice in a timely fashion and at a cost that we consider to be good value for money. We have used the services of Deryck for many assignments in the past and will continue to do so into the future."
(Martin McCloskey, Group Commercial Director, Capita Group plc)
"Oliver's assistance on data protection, e-privacy and information security law has been most welcome. He has in-depth knowledge of the General Data Protection Regulation, which has been invaluable, and has provided very detailed advice."
(Data Protection Officer for a National Charity)
- Managing the legal aspects of GDPR compliance for the RSPB, the UK’s largest conservation charity. Drafting privacy policies, opt-in statements and preparing GDPR compliant contracts, procedures and preparing training materials.
- Working closely with a worldwide religious charity on GDPR compliance, dealing with internal data sharing and international transfers.
- The ubiquitous nature of personal data means data protection law needs to be addressed in almost every contract. We have helped clients by preparing GDPR compliant standard terms (for customers and suppliers), data sharing agreements, and assisting in the negotiation of complex data protection clauses.
- Advising on the compliant transfer of personal data from a UK distributor to a manufacturer in the US.
- Advising a public sector client regarding data sharing arrangements between it and a private business.
- Advising on an agreement for the implementation of a cloud-based software suite for a property management company.
‘Doing the right thing’ is at the heart of Freeths. Find out more about our excellent client service and the strong set of values that guide the way we work.
Talk to us
Freeths are a leading national law firm with 13 offices across the UK. If you have a query about our services or just want to find out more, why not give us a call?
Contact: 03301 001 014