GDPR Compliance

Under the General Data Protection Regulation (“GDPR”), businesses and organisations will have to take a number of steps to achieve compliance.

In order to demonstrate compliance with the GDPR and, perhaps more importantly, to mitigate any enforcement action by the Information Commissioner’s Office, businesses should:

  1. Put in place policies and procedures in respect of their processing of personal data
  2. Test their systems and procedures regularly
  3. Train their staff appropriately

In a bit more detail, this means the business will need to have in place:

  1. Privacy notices (both internal and external) telling staff and the outside world what the business is doing with their personal data.
  2. A data handling policy which sets out the business's policies and the practices staff must follow when handling personal data. This document will protect the business if a staff member acts beyond their powers and causes a data protection breach.
  3. Processing agreements in any situation when a controller / processor relationship arises. This document is required under the GDPR and will have a list of prescriptive clauses that must be contained within it setting out the responsibilities of the processor to the controller.
  4. A data protection officer (if required under the GDPR).
  5. A process to consider international transfers of personal data to ensure they are lawful by, for example, putting in place standard contractual clauses or another appropriate safeguard.
  6. A process to test their internal reporting pathways so that if, for example, a data subject access request is received at reception, there is a pathway to make sure it is provided to the responsible individual so that it can be dealt with in the required timeframes.
  7. A process to regularly test the security of personal data, including the IT systems and physical security at the business premises.
  8. A training program to ensure staff are aware of their responsibilities and are adequately trained in relation to data protection.

 


© 2020 Herrington Carmichael LLP. Registered in England and Wales company number OC322293.

Herrington Carmichael LLP is authorised and regulated by the Solicitors Regulation Authority.
