General Data Protection Regulation (GDPR) Compliance
Solicitors within Franklins’ Corporate Regulatory Compliance division are able to advise and assist organisations should there be a breach under the 2018 General Data Protection Regulation (GDPR).
Data Protection compliance means that an organisation falls within the scope of the Data Protection legislation, which regulates the proper handling of personal and sensitive data, and handles that data accordingly.
Data Protection is important because it controls how personal information can be used, stored and accessed. It also gives the individual rights over their data, including rights of access, updating, correction and deletion.
Data Protection Act 2018.
According to the Information Commissioner’s Office (ICO) “personal data means any information relating to an identified or identifiable natural person (“data subject”), an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
The Data Protection Act does not apply to information about organisations or businesses; it covers personal data relating to natural persons.
Types of personal data can be obvious, such as a name, address, date of birth, email address or telephone number, but also include credit card and account data, number plates, appearance and bank details. The ICO classifies data into categories according to sensitivity: public, private, confidential and restricted.
Following the identification of a data breach, an organisation has 72 hours to report the breach to the ICO. Failing this, the business can incur a maximum fine of up to £8.7m or 4% of the business’s turnover, whichever is the higher. As soon as a breach is identified, an organisation needs to preserve all breach evidence, contain the breach and investigate the reason for the breach. Through a well-developed incident response plan, organisations can limit the damage caused by a breach and recover more quickly by restoring any systems they may have lost or which have been compromised.
Franklins can support risk mitigation by carrying out a Data Protection audit, identifying preventative measures and, from this, helping to develop a robust incident response plan. In the event of a breach we can also support you in any interactions with the ICO and help put a recovery plan in place.
The GDPR is regulated by the supervisory authority, The Information Commissioner’s Office (ICO).
There are strict time frames for notifying the ICO of any breach.
Data controllers must notify the ICO of a personal data breach in which there is a risk to the data subject’s rights no later than 72 hours after becoming aware of it. The notification must include:
A number of factors will be taken into account by the ICO when deciding the level of fine. Given that the fine can be 4% of the total worldwide annual turnover (note not profit), these could be critical to the survival of a business. These factors include:
Seeking advice promptly and responding to the breach quickly with a clear plan of action is vital.
Data Protection compliance involves adhering to the rules for the collection and processing of personal information from individuals within the UK and EU. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation. It requires businesses to protect personal data and uphold the privacy rights of individuals.
Compliance with data protection is crucial for safeguarding personal data and maintaining trust with customers. It helps prevent data breaches and fines, ensuring that businesses respect the privacy of individuals and operate within legal frameworks.
Data protection affects businesses by imposing strict rules on data handling and storage and requiring transparency about how personal data is used. Businesses must implement robust data protection measures and may need to appoint Data Protection Officers (DPOs) depending on their business type and scale of data processing.
A DPO is responsible for overseeing data protection strategy and implementation to ensure compliance with data protection requirements. They monitor data processing activities, conduct data protection impact assessments, and act as a point of contact for data subjects and supervisory authorities.
Non-compliance with data protection laws can result in significant penalties, including fines of up to €20 million or 4% of the annual global turnover of the preceding financial year, whichever is higher. Businesses may also face reputational damage and loss of customer trust.
Franklins Solicitors offers expert guidance on data protection legislative compliance, helping businesses develop and implement data protection policies. We provide services such as:
If you have any questions about Data Protection Compliance, please don’t hesitate to contact our team of experts who are on hand and ready to help you.