UK data protection law
In May 2018 the General Data Protection Regulation (GDPR) came into effect across the EU and the Data Protection Act 2018 came into force in the UK, replacing the Data Protection Act 1998.
These new laws affect all organisations that collect or use people's personal information (data controllers), from private sector companies to public authorities, from large charities to members' clubs.
Compliance is more important than ever as getting it wrong could lead to fines of up to EUR 20 million or 4% of total worldwide annual turnover, not to mention serious reputational damage.
Ensure you are compliant
Our data protection lawyers are here to help your organisation achieve data protection compliance. We can help with:
- data protection training for staff, board members and trustees including obligations on data controllers and data processors under the GDPR
- data mapping and data audits of the personal information your organisation holds
- the role of the Data Protection Officer, documentation and record-keeping requirements under the GDPR
- data minimisation, storage limitation, anonymisation and pseudonymisation
- your legal basis for processing personal data, including legitimate interests and consent
- data protection impact assessments (DPIAs)
- information sharing agreements and data processing contracts with third parties
- cross-border data transfers outside the EEA
- individual rights under the GDPR including subject access requests and the right to erasure (the 'right to be forgotten')
- e-privacy, direct marketing and website cookies
- data protection breaches, correspondence with the ICO, notification obligations, fines and sanctions
Contact one of our specialists to ensure you are getting it right.
- Chris Rowse, partner, charity and social business
- Michael Stacey, partner, litigation
- Andrew Studd, partner, charity and social business
- Carla Whalen, senior associate, charity and social business
- Guy Wilmot, partner, corporate and commercial