What we do & why we do it
Data Protection – what’s so important?
Since the General Data Protection Regulation (GDPR) came into force in May 2018, organisations have had to take data protection very seriously. The GDPR gives individuals more control over their personal data as well as a number of associated rights. We are all individuals, so we should welcome such a regulation from our own personal perspective. We can compel organisations to tell us what personal information they hold about us, to correct the information if it’s incorrect, to delete it in many circumstances, and to send us copies at our request.
Following Brexit, the GDPR was brought into UK law as the UK GDPR, and this is supplemented by the 2018 Data Protection Act. Another (much older) regulation is the Privacy and Electronic Communications Regulation 2013 (PECR), which regulates communications by telephone, email, text etc. and likewise exists to protect individuals from unfair treatment such as unwanted calls.
Under data protection legislation, organisations are required by law to be transparent about how they handle our data, to protect our personal information by putting in place technical and organisational controls, and to only process our data if they have a lawful basis for doing so. Furthermore, organisations must tell us who they share their data with and put in place certain written policies and procedures, as well as ensuring that staff are trained in data protection. The Information Commissioner can impose substantial fines on organisations that fail to comply.
Virtually all businesses must register with the Information Commissioner’s Office (ICO) and pay a small annual fee, and some are required to appoint a Data Protection Officer (DPO) depending upon the type or volume of data they process. In fact, businesses are encouraged to consider appointing a DPO even if not mandated to do so, as this is seen as best practice, helps to maintain compliance, and sends a positive message to customers, employees, suppliers and other stakeholders.
Any business that targets individuals overseas will often have additional obligations. In some cases, depending upon where their customers are located, they will need to appoint a representative in that territory, and if they have customers or target customers in a ‘third country’ then additional documentation and safeguards must by law be put in place. This applies to many countries including, for example, the U.S.A., Australia, South Africa, India, China etc.
Whatever your data protection requirements might be, LAUDIS can help, whether by helping to put together the mandated policies and procedures, supplying you with a qualified and experienced part-time Data Protection Officer, conducting a data protection audit or gap analysis, or offering ongoing support and guidance in order to keep you compliant.
Together with our cyber security partners, we are also able to provide you with advice as well as certifications to demonstrate your compliance in both data protection and information security, and to protect your business from external threats.