Data Protection & GDPR
If you need experienced and practical lawyers for advice on GDPR, the GDPR rules, data breach issues, the implications of data for commercial transactions and how you can plan for these, please do get in contact with us.
All businesses collect, store and use personal data of customers, suppliers, employees and other individuals – such as names, emails and residential addresses, credit card details or date of birth.
Our experience and servcies range from protecting you and your business from data protection risks and liabilities through to advice if and when a breach occurs. If this happens, the implications can range from commercial law to employment law, regulatory law and even criminal law.
If you need lawyers or legal advice for your business relating to GDPR or data protection or risks, we provide highly experienced, cost effective and practical advice. Please do get in contact.
Data Protection legal advice and services
We offer a wide range of key GDPR and Data Protection legal advice and services including :-
- Advice and training on the GDPR Rules and preparing GDPR and data protection policies.
- Data Processing Agreements including international data processing.
- Compliance, auditing and assessment of GDPR and data risks.
- Legal advice on data controller laws and responsibilities.
- Advising on data breaches and breaches of GDPR.
- Dealing with employment law and employee issues with GDPR and compliance by employees.
- Advice on contract issues relating to data and GDPR.
- Electronic marketing in compliance with the Privacy and Electronic Communication Regulations (PECR).
- Assistance with the accountability principle, including maintaining records to demonstrate compliance and adopting policies and procedures.
- Data protection legal issues when dealing with EU and international businesses.
Data Protection issues in M & A and contracts
Businesses that assume that the only risks associated with GDPR are enforcement fines and adverse publicity are wrong.
Data protection and management are now an important part of due diligence for corporate transactions, whether sales or purchases of business, inward investment or borrowing.
Another area of increasing significance are the warranties that may be expected upon an exit of the business. There have been cases where sellers have been held responsible for data breaches which may have happened many years earlier. Often the breaches are latent meaning they are not something that the seller knows about and hence does not disclose.
Businesses also increasingly find, when dealing with a high value and important new contractual relationship, data protection and management is a significant issue. On a commercial level, GDPR is a significant consideration and becoming more relevant not less, regardless of Government enforcement or sanction.
Where concerns arise about data management and protection in commercial transactions, these can result in transactions being slowed down or even aborted. Simply having a policy and training records in our experience, simply won’t cut the mustard.
Data Protection Legal Advice and Services
Many of the compliance tasks can be undertaken primarily by your organisation internally. Carrying out the due diligence, documenting processes and systems, putting in place control systems, authorisation levels etc. and writing and compiling policy papers and records as required by the legislation are tasks that will require access to operational personnel information and would be time consuming.
We can assist with:
- reviewing and commenting on operational documentation such as data retention policies, IT security policies, data sharing and access rights policies;
- communicating with regulators (for example, if there is an audit, investigation or a complaint against the business or an individual); and
- addressing data subject access requests, including what you do and don’t need to disclose including those received from ex-employees in the context of employment disputes.
- data controller and data processor obligations;
- data protection and data security considerations for e-commerce websites and SaaS;
- data obligations and responsibilities in agreements with customers and suppliers;
- contracts with data processors and sub-processors, including cloud service providers;
- data protection and data security aspects of corporate transactions, including share sales and asset sales;
- international data transfers and the use of EC and UK approved Standard Contractual Clauses (SCCs);
- privacy notices for employees and consultants;
- handling data breaches;
- theft of data, intellectual property, confidential information, trade secrets;
- data processing and sharing agreements.
- due diligence aspects of data management when dealing with new or important business contracts.
- data aspects of preparing a business for sale.
- buying and selling databases.
- handling of employee data, recruitment and monitoring practices.
We can also help with handling complaints, responding to contact from the ICO, and minimising the fallout from data breaches.