With record fines being issued and increased co-ordination between the ICO and other regulators to bring to light non-compliant data protection practices, having robust data protection policies and procedures in place has never been more important.

The General Data Protection Regulation and The Data Protection Act 2018 came into force on 25th May 2018, replacing The Data Protection Act 1998. All organisations that gather, hold or process personal information are subject to the GDPR, which has undoubtedly increased the threshold for what is expected from organisations to ensure the fair and lawful processing of personal data

Some of the services we offer firms include:

• Data unlocking – maximise the value of your database
• Data Flow Mapping
• Data Protection Impact Assessments
• Legitimate Interest Assessments
• Due Diligence on data providers and data provenance assessments
• Drafting GDPR compliant Privacy Policies
• Drafting GDPR and Information Security Policies
• Outsourced Data Protection Officer services
• Assessing marketing campaigns
• Assessing the use of Adtech, data profiling and AI for automated decision making
• Regulatory engagement in instances of complaints and/or investigations
• GDPR training

The maximum fine that can be imposed on an organisation for getting it wrong has increased significantly to 20 million euros or 4% of annual turnover (whichever is higher), compared to a maximum of £500,000 under the previous regime. Therefore, having robust data protection and information security frameworks in place are more important than ever.