Keeping clients’ personal information safe is paramount. Data protection legislation was in place many years before anyone had heard of the GDPR but the 2016 EU Data Protection Regulation, which came into force on 25th May 2018, brought with it a new regime and significantly more consumer awareness of the law and their individual rights.

Lexcel v6.1 introduced a number of new requirements in this area designed to ensure that accredited firms complied with their obligations under the legislation. But whether you are accredited or not, the law still applies to you.

With the advent of Brexit the GDPR was incorporated into the UK GDPR which sits alongside the Data Protection Act 2018. The law in this area continues to evolve with high profile cases in recent months affecting, for example, the transfer of data to third countries. If you are still struggling to come to terms with the extent of your obligations and put in place the policies and procedures to ensure that you are compliant we are here to help.

We will undertake gap analysis of your existing practices and documentation which will highlight where you need to focus your attention. We can help you draft the raft of documentation required including:

• data protection policies;
• privacy notices;
• data processing agreements;
• data sharing agreements;
• policies to handle subject access requests and manage data breaches; and
• a data processed register.

There is no doubt that a data breach has the potential to cause significant harm to your business. You may find yourself the subject of an eye watering fine from the Information Commissioner’s Office, but even if you don’t and your business survives, the reputational damage you may suffer should not be underestimated. In an age where bad news travels fast via social media, and where identity fraud is a ongoing threat, all businesses should be focussing their attentions on the personal data that they hold for their clients and the measures they need to put into place to protect this.

Contact Us