Do you need the support of a Data Protection Officer? Maybe you have an ongoing legal requirement for UK GDPR data protection compliance, or just need occasional help with getting your procedures and documentation in place.
Our data protection experts will guide your business, school, college or organisation through the various data protection obligations, and provide GAP analysis and ongoing data protection monitoring to ensure you stay legal and compliant.
Our UK GDPR consultancy services include
In a nutshell, it’s likely. GDPR and data protection can be complicated. GDPR, which stands for the General Data Protection Regulation, came into force in May 2018 and was renamed in January 2021 to UK GDPR. UK GDPR affects virtually all businesses, trade associations, schools, public sector organisations and even charities.
UK GDPR largely mirrors the EU GDPR with a number of differences. The biggest is the territorial reach. This means that if you process data in the UK for anyone, whether they are based in the UK, EU or anywhere else in the world, the data subjects all have the same legal rights and remedies. Did you know that UK GDPR affects nearly every aspect of business – from personal records to accounting and marketing? Failure to adhere to the rules could result in fines of up to around £18 million or 4% of your worldwide turnover, whichever is greater. This is huge and not a risk you want to take.
Despite significant publicity around what’s needed, and by when, some businesses and organisations still don’t understand the legislation and aren’t fully complying.
As a business, school, college, trade association, public sector company, or charity – you also need to ensure you have the right procedures in place to detect, report, investigate and, if necessary, report to the Information Commissioner’s Office (ICO) any personal data breaches.
If you think this is challenging, you should also consider whether you should formally designate a Data Protection Officer (DPO). If you sell within the EU to consumers and/or process the personal data of EU subjects, you will also need to designate an EU representative.
If this all sounds very complicated, talk to our data compliance experts.
There’s more on our specific data protection consultancy services here…
UK GDPR audits and strategy
We will help you to identify your legal obligations through an onsite UK GDPR audit. It involves audit prep, an onsite visit, and a written report, with a follow-up meeting completed by a GDPR Qualified Practitioner. This will include an action plan outlining all the changes needed. Once implemented, an optional mini audit can take place to check everything is as it should be. Auditing where you are, and implementing everything you need to comply, gives you that vital peace of mind.
UK GDPR consultancy and problem-solving
Do you have an ongoing legal requirement for UK GDPR data protection compliance? Or does your business, school or organisation need occasional help with getting procedures and documentation in place? Whatever the scenario, we can help you. Allott and Associates will guide you through your data protection obligations, providing GAP analysis and ongoing data protection monitoring to ensure you stay legal and compliant.
UK GDPR documentation
As a result of UK GDPR, you’ll find that most existing privacy notices or privacy policies will need updating to include information about how your organisation manages and processes data.
Remember that anyone can be liable if there is a breach of personal data. The implications of any breach are far-reaching, and can be financially and reputationally devastating. So, it’s best to be covered. Your privacy policies also need to acknowledge all the rights granted to data subjects, and the handling process. Understanding the law and how to apply it is absolutely critical to getting this right.
We’re experienced in drafting many types of UK GDPR documentation and will help you ensure yours is right and up to date.
Bespoke UK GDPR training
Ensuring your people have the right knowledge and skills to tackle data protection accurately and confidently isn’t always easy. That’s why we’ve created a range of bespoke training options for businesses and schools, including on-site training, webinars, breakfast seminars, half and full day courses – covering everything you need or more specific aspects of data protection and the updated UK GDPR. The training is suitable for groups of three or more people, and we can host individual sessions too.
International data transfers
If you’re handling European data, or plan to transfer any personal data overseas for trips or even just overseas storage, we can provide guidance and documentation to ensure you’re fully compliant.
In the UK, all organisations, including businesses and educational establishments, are required to comply not only with UK GDPR but also with the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR).
Managing data subject access requests
Data subjects have a right to receive a copy of the data/information held about them. Or they can authorise someone to act on their behalf. Do you know what proof of identity can be legally requested? Do you know how much to charge, or if you can charge? We’ll help you ensure you have the right documentation and procedures in place to handle these requests.
Responding to Freedom of Information requests
For public sector organisations, anyone can ask for information that is held about them. That said, you’re not always obliged to provide the information. In some cases, there’s a good reason why you shouldn’t make public some or all of the information requested. We can provide guidance on dealing with Freedom of Information requests and any exemptions.
GDPR compliance for your marketing