Data Protection Advice & Consultancy
We can advise on current law and best practice for your industry.
We recommend to all our clients that they start preparing for the General Data Protection Regulation which comes into force in May 2018. We can help you plan the implementation measures and provide guidance on how the provisions might be interpreted and update you when new guidance from the Information Commissioner’s Office or the EU’s Article 29 Working Party is available.
For compliance advice and solutions that work best for your business, ask us about specific data protection issues or more general privacy and eCommerce concerns.
Providing ongoing support and expertise
A client in the social housing sector requested support for a period of time following the loss of an employee whose data protection knowledge and expertise had been key to the compliant conduct of the business. We had regular meetings with the client and provided online support in handling day to day issues such as requests from the Police or local authorities for access to personal data, handling subject access requests and responding to queries from the business. During that time we helped to train compliance staff to take over the data protection compliance role.
Updating policies and procedures
Clients often ask us to revision their data protection policies and procedures and other procedures which impact on data protection compliance such as IT Security and Appropriate Use Policies, Call Recording Procedures, CCTV Policy and Procedures. One client requested an update to reflect current guidance and practice while ensuring that policies were clear and unambiguous. We worked within a capped budget and achieved the objective within the parameters set.
A bureau which traced consumers on behalf of banks and other large institutions wanted to offer its tracing services direct to consumers but was prevented by the fact that it had only processed consumer data on behalf of others so it had no authority to process the personal data for its own purposes.
By requiring consumers to register to access the third parties trying to locate them (the banks etc) the bureau repositioned itself as the organisation in control of personal information. This meant that it could process the information for its own purposes as well as on behalf of its principals.
Marketing activity was undertaken with strict adherence to consumer marketing preferences and data protection rights.
Responding to tenders for service provision
A client was asked in a tender document for a data protection policy statement.
Based on the company’s data protection compliance activity, we were able to adopt a positive position in the tender response. We included the company policy on data protection approved by the board and a robust statement about the compliance and information security audit activity we undertook to ensure that the company continued to meet its stated policy. We won the tender, it was a £1 million contract.
Making tough decisions about breach reporting
In the UK reporting data security breaches is voluntary outside of the telecommunications sector. Nevertheless the guidance from the Information Commissioner’s Office is that significant breaches should be reported. We help clients assess the risks inherent in data security breaches and provide advice on the crucial issues of when to report breaches.
Contact us for peace of mind on data protection and e-commerce issues