Data protection – are you compliant?

The UK data protection regime comprises the UK GDPR (the retained EU law version of the General Data Protection Regulation), along with the Data Protection Act 2018.

Data protection legislation in the UK was overhauled in 2018, with enhanced obligations being placed on businesses to protect personal data.

At the time most businesses took the steps necessary to comply with the requirements – but the question for business owners now is whether your business is still compliant? Have you revisited the documents you implemented in 2018 to ensure that they are still relevant to your business?

Have you considered the following questions, particularly if your business has grown or taken a new direction:

Do you need to appoint a data protection officer?
Have you identified the controller(s) of the personal data both within your organisation or those with whom you work?
Have you identified the processor(s) of personal data both within the organisation and those with whom you ask to process data on your behalf? Do you have the necessary Data Processing Agreements in place with your processors? This will include those who provide your IT support services, HR support and advice, payroll services, for example.
Have you established and made a record of the appropriate lawful base for each processing activity that you undertake for your customers and employees?
Do you have in place and have you reviewed the organisation’s privacy notifications for example, to employees and customers regarding your processing activities?
Do you carry out data protection impact assessments (DPIAs) on relevant business processes, systems and products to ensure compliance with UK GDPR requirements?
Do you know what your obligations are if there is a data breach within your organisation?
Do you provide and maintain a training programme for employees with access to personal data within the organisation to ensure compliance?

Speak to a specialist

If you have answered “no” to any of the above or if you are unsure of your response, please contact Amy Peacy on 0345 209 1329 or send an enquiry.

Posted: 20 September 2024

Your key contact

Amy Peacey

Partner

Southampton

Amy helps businesses and individuals document their contract relationships with third parties ensuring their commercial contracts are legally sound and comply with all applicable laws.

View profile for Amy Peacey >

What are drag-along and tag-along rights?

This article explains what drag-along and tag-along rights are, and what needs to be considered when negotiating them in a sale.

Corporate and commercial law

Deadline looming to implement UK international transfer of personal data amendments

Incoming changes to UK data protection laws means those using the EU standard contractual clauses to safely transfer personal data outside the UK are to update their documentation to bring them into line with equivalent UK-mandated contractual clauses.

Corporate and commercial law

Financial advice firm consolidation set to continue in 2024

Ed Foulkes, who specialises in mergers and acquisitions in the financial services industry, believes consolidation shows no signs of slowing down in 2024.

Start-ups and high growth businesses

Do I really need a shareholders’ agreement?

A shareholders’ agreement gives you an opportunity to discuss and reach an agreement on these, and many other situations, with your co-founders at an early stage.

Looking for legal advice?

Ask us

Request a consultation

Call us

0800 652 8025

Email us

getintouch@clarkewillmott.com