HOW CAN WE HELP YOUR ORGANISATION BECOME GDPR COMPLIANT?
As qualified GDPR Consultants, we can help and advise organisations on what GDPR could mean for your business or organisation.
If you are just starting, we can provide a GDPR Gap Analysis and then continue with ongoing support until you achieve full GDPR Compliance with a set of GDPR Documents.
GDPR requires a person to oversee the implementation and review of all the processes and procedures within an organisation. If you don’t have such a person within your organisation, we can provide an external DPO (Data Protection Officer) as a service.
GDPR is not a one-off process but needs to be monitored, reviewed and maintained and by providing an independent GDPR Audit of your systems, we can help you achieve this.
How does GDPR affect your organisation?
- GDPR limits how an organisation can process personal information.
- GDPR increases a Data Subject’s rights over the usage and processing of their personal information.
- GDPR enhances Data Protection and Cyber Security.
Why should organisations care about GDPR?
Reason 1 – From 25th May 2018, it became a legal requirement for all UK organisations to be compliant with GDPR.
Reason 2 – The penalty for breached, leaked, deleted or compromised personal information could be greatly reduced if the organisation has taken appropriate measures to comply with GDPR.
“If ‘Personal Data’ which could result in the risk to the rights and freedoms of a natural living person is breached, leaked, deleted or compromised after May 25th 2018, the organisation will be obliged to notify the Information Commissioner’s Office (ICO) within 72 Hours and also those affected as soon as possible. The ICO will then issue a penalty to that organisation which is effective, proportionate and dissuasive and could be anything up to 17.5 Million Pounds or 4% of their total worldwide annual turnover of the preceding financial year, whichever is higher.” GDPR Articles 33 & 83
Reason 3 – Data Breaches can greatly impact the organisation’s public reputation. (TalkTalk lost over 100,000 customers as the result of their Data breach in 2015).
To comply, organisations will need to identify all the “Personal Information” that they hold and ensure that they have, or can obtain, explicit consent to continue using it, or have some other legal right to do so. They should also enhance the security and protection around the way they process information, to ensure that they are fully GDPR compliant. See what Elizabeth Denham, the former Information Commissioner at the ICO, says about GDPR.
The Complete Guide to UK-GDPR – eBook
This guide delivers a step-by-step process for achieving compliance with GDPR, with the focus on the UK-GDPR.
From the Introduction, which gives an overview of what GDPR is about, through the 24 steps, this guide provides you with all the information you require to achieve GDPR Compliance.
It is structured around the advice recommended by the UK Supervisory Authority, the Information Commissioner’s Office (ICO), for GDPR Compliance. Because it is a PDF, it includes hyperlinks to the relevant clauses in the GDPR documents, and it finishes with the recommendations delivered to multiple organisations by our Qualified GDPR Consultant to help them achieve GDPR compliance.
Following the steps in this guide will enable you to complete your GDPR Gap Analysis and achieve GDPR Compliance without spending thousands on GDPR Consultants. Even if you do still want to use a consultant, the guide will help with your understanding of what is involved in GDPR.
Price = £19.95 (Special Offer was £49.95)
“From a personal perspective, in today’s world of “Big Data”, GDPR should be celebrated for what it is: an initiative that gives back to each one of us control over who, how and what any organisation can do with our personal information. With its focus on data security, it will also significantly reduce the potential of your personal data being compromised.”
For organisations, GDPR means that strict new enforceable limits and controls are put in place over how information belonging to UK and EU citizens can be processed. To comply with GDPR, new policies, procedures and potentially extra security may need to be put in place, and failure to do so could result in huge GDPR fines.
5 Steps Towards GDPR Compliance
If you would like more guidance and resources to help your business or organisation, you can download our guide: 5 Steps Towards GDPR Compliance
GDPR Support UK
We specialise in providing support in these areas but can provide support anywhere in the UK:
- Welwyn Garden City
- Kingston upon Thames
- Staines upon Thames
What About GDPR Post-Brexit & DPA 2018?
GDPR is the EU legislation, the General Data Protection Regulation (GDPR), launched in 2018. With effect from 1st Jan 2021, the UK now operates under the UK-GDPR, which is based on the “UK Data Protection Act – 2018” and incorporates all of the GDPR protections but applies them to persons in the UK, with the legal requirement to protect “Personal Information” wherever it is held in the world.
But organisations that rely on the transfers of personal data between the UK and the European Economic Area (EEA) will be affected, in that they may need to appoint an Agent to represent them for GDPR in the main European country in which they trade.
Personal information is able to flow freely between organisations in the UK and European Union without any specific measures. That’s because we have had a common set of rules – the GDPR.
What is the UK’s data relationship with the EU/EEA now?
On 28 June 2021, the EU Commission published two adequacy decisions in respect of the UK:
- one for transfers under the EU GDPR;
- and the other for transfers under the Law Enforcement Directive (LED).
The ICO has published recommendations on what these decisions involve.
The UK Government has agreed that UK Organisations can continue to transfer Personal Data from the UK to EEA countries without any restrictions, including to countries about which the EU has already made adequacy decisions, which include Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland and Uruguay.
Having left the EU, the UK is now free to make its own adequacy decisions and has already done so regarding Japan, such that UK Personal Data can now freely be transferred to Japan.
On the 16th July 2020 the European Court of Justice decided that the “US Privacy Shield” was no longer adequate.
In essence, they decided that US National Security law does not protect the personal data of EU citizens. Much of the problem was due to the US’s own surveillance laws, which allow government snooping and are not limited, as in European law, ‘to what is strictly necessary’. The European Court did validate the use of Standard Contractual Clauses (SCCs), saying that this mechanism does make it possible in practice to ensure compliance with the level of protection required by EU law.
Use SCCs on all non-EEA data transfers
The ICO website provides information about International Transfers and provides links to create a contract incorporating “Standard Contractual Clauses” (SCCs) to make it possible to ensure compliance with the level of Personal Data protection required by EU/UK law.
In June 2021 the EU launched new Standard Contractual Clauses.