GDPR Compliance
Under the General Data Protection Regulation (“GDPR”) and Data Protection Act (“DPA”), businesses and organisations will have to take a number of steps to achieve compliance.
In order to demonstrate compliance with the GDPR and, perhaps more importantly, to mitigate any enforcement action by the Information Commissioner’s Office, businesses should:
- Put in place policies and procedures in respect of their processing of personal data
- Test their systems and procedures regularly
- Train their staff appropriately
In a bit more detail, this means the business will need to have in place:
- Privacy notices (both internal and external) telling staff and the outside world what they are doing with their personal data.
- A data handling policy which sets out the business's policies and the practices staff must follow when handling personal data. This document will protect the business if a staff member acts beyond their powers and causes a data protection breach.
- Processing agreements in any situation when a controller / processor relationship arises. This document is required under the GDPR and will have a list of prescriptive clauses that must be contained within it setting out the responsibilities of the processor to the controller.
- A data protection officer (if required under the GDPR).
- A process to consider international transfers of personal data to ensure they are lawful by, for example, putting in place standard contractual clauses or another appropriate safeguard.
- A process to test their internal reporting pathways so that if, for example, a data subject access request is received at reception, there is a pathway to make sure it is passed to the responsible individual so that it can be dealt with in the required timeframes.
- A process to regularly test the security of personal data, including the IT systems and physical security at the business premises.
- A training program to ensure staff are aware of their responsibilities and are adequately trained in relation to data protection.
© 2024 Herrington Carmichael LLP. Registered in England and Wales company number OC322293.
Herrington Carmichael LLP is authorised and regulated by the Solicitors Regulation Authority with registration number 446245.