GDPR and Data Protection
Although there was a Data Protection Act in 1998, it was only in May 2018, with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), that people really took that much notice.
I can help you get your business organised so that you are compliant with GDPR. There is much more to this than simply encrypting your website or emails, and it is worth taking a little time to understand the key elements so that you make the right decisions for your business.
Some businesses will have received new contracts, or additions to contracts, with pages of GDPR clauses. They can look daunting, but most are simply setting out what is required by GDPR. The problem is that the most important parts have to be specific to the contract, and these rarely seem to be completed correctly. Whilst this may not seem important, GDPR makes it important for both the database owner (known as the Data Controller) and the person doing work on it for them (the Data Processor) to ensure that they comply and they must tell each other if they are not, so you cannot simply ignore a breach of the law by the other side.
The main thing that businesses are seeing as a result of GDPR is a flurry of new privacy notices or privacy policies. GDPR gives rights to a range of individuals, and you need to be thinking about GDPR in terms of your customer data, the data you hold on your employees and information on your marketing files. The basis on which you are collecting, storing and using that data will vary, and you need to make sure that you give people the right information.
I can provide you with draft privacy notices, but, more importantly, I can work with you to help you understand them and make sure that the information you include is correct.
I can assist you with other contracts and documents relating to GDPR whether you are a Data Controller or Data Processor, and whether you are working on data or transferring it.