What we do - Data Protection
At LAUDIS, we help businesses become and remain compliant with all relevant data protection regulations. Professional, experienced experts are able to provide a range of services, delivered in a pragmatic, down-to-earth way, using our extensive business and commercial background to ensure that solutions are workable and commercially practicable.
We offer affordable monthly packages to help keep you compliant, deal with any data protection related issues that may come up, review documents, answer questions through telephone and email support, and generally give you and all your stakeholders comfort that you take data privacy seriously. Contact us for further details.
Data Protection – what’s so important?
Since the General Data Protection Regulation (GDPR) came into force in May 2018 organisations have had to take data protection very seriously. The GDPR gives individuals more control over their personal data as well as giving us a number of associated rights. We are all individuals so we should welcome such a regulation from our own personal perspective. We can compel organisations to tell us what personal information they hold about us, to correct the information if it’s incorrect, to delete it in many circumstances, and to send us copies at our
Following Brexit, the GDPR was brought into UK law as the UK GDPR, and this is supplemented by the 2018 Data Protection Act. Another (much older) regulation is the Privacy and Electronic Communications Regulation 2013 (PECR) which regulates communications by telephone, email, text etc. and again exists to protect individuals from unfair treatment such as unwanted
Under data protection legislation, organisations are required by law to be transparent about how they handle our data, to protect our personal information by putting in place technical and organisational controls, and to only process our data if they have a lawful basis for doing so. Furthermore, organisations must tell us who they share their data with and put in place certain written policies and procedures, as well as ensuring that staff are trained in data protection. The Information Commissioner can impose substantial fines on organisations that fail to comply.
Virtually all businesses must register with the Information Commissioner’s Office (ICO) and pay a small annual fee, and some are required to appoint a Data Protection Officer (DPO) depending upon the type or volume of data they process. In fact, businesses are encouraged to consider appointing a DPO even if not mandated to do so, as this is seen as best practice, helps to maintain compliance, and sends a positive message to customers, employees, suppliers and other stakeholders.
“Nick has supported us through a period of rapid growth in clients, people, locations, products and systems. As for so many firms, data is at the heart of our legal work and we cannot afford to be cavalier about compliance or security. He has guided us with the necessary expertise but it is his real life input that has enabled us to address data priorities in a pragmatic and effective manner. His guidance has enabled us to achieve Cyber Essentials and IASME certification as well as to navigate some of the conflicting dynamics between competing data rights. He is also a joy to work with and I recommend him wholeheartedly.”
Johnny Nichols, Chief Operating Officer
Keller Lenkner UK Ltd
Any business that transfers personal data overseas will often have additional obligations. In some cases, depending upon where their customers are located, they will need to appoint a representative in that territory. For example, if you are a UK business and you target customers in the EU, you will probably be required to appoint a representative in the EU (we can offer this service). If a business transfers data to a ‘third country’, e.g. the US or India, maybe because it uses a software package that is hosted overseas, then additional documentation and safeguards must by law be put in place.
This applies to many countries including for example the U.S.A., Australia, South Africa, India, China etc. Whatever your data protection requirements might be, we can help; whether it's helping you to put together the mandated policies and procedures, supplying you with a qualified and experienced part-time Data Protection Officer, conducting a data protection audit or gap analysis, or offering ongoing support and guidance in order to keep you compliant.
Together with our cyber security partners we are also able to provide you with advice as well as certifications to demonstrate your compliance both in data protection and information security, and to protect your business from external threats.