Do you need the help of a data protection officer?
Maybe you have an ongoing legal requirement for GDPR data protection compliance or just need occasional help with getting your procedures and documentation in place. Whatever the scenario, why not outsource your requirements to Allott and Associates?
Allott and Associates can guide your business, or organisation, through its data protection obligations, provide GAP analysis and provide ongoing data protection monitoring to ensure you stay legal and compliant.
Supporting services include Data Protection Impact Assessments (DPIA), ongoing data protection guidance, resolving data protection related legal issues and acting as the interface with the Information Commissioner’s Office.
Support can be provided remotely or onsite depending on the project and budget. For a free, confidential no obligations discussion and quote, please contact Allott and Associates.
Need bespoke data protection training for your business?
Allott and Associates can offer a variety of bespoke training options at your premises including breakfast seminars, half day and full day courses or training to cover specific aspects of data protection and GDPR. Suitable for groups of three or more people, please contact Allott and Associates for more details.
Do I need GDPR Support?
GDPR, which stands for the General Data Protection Regulation, came into force in May 2018. GDPR affects virtually all businesses and trade associations, large and small, including schools, the health service, the public sector and even charities.
Arguably GDPR, which is an EU regulation that the UK is committed to keeping post Brexit, is the biggest change affecting businesses since the introduction of the Human Rights Act in 1998.
GDPR affects nearly every aspect of business from personal records to accounting and marketing. Failure to adhere to the new rules will result in fines of up to €20 million or 4% of turnover, whichever is greater. Despite a fanfare of publicity, some businesses have not yet made the necessary changes and consequently run the risk of ICO censure or even a large fine.
Businesses also need to ensure that they have the right procedures in place to detect, report, investigate and if necessary report to the ICO any personal data breaches.
If you think this is challenging, your business will also need to consider whether it should formally designate a Data Protection Officer (DPO) and if your organisation operates in more than one EU member state, you will also need to determine your lead data protection supervisory authority and document it.
If this all sounds very complicated, you should strongly consider seeking external professional guidance from someone like Allott and Associates.
Allott and Associates is already working with businesses, both SMEs and much larger bodies, to help them with GDPR training and GAP analysis audits to make the changes needed to stay lawful. Allott and Associates helps clients identify their new legal obligations through onsite audits and then provides the guidance needed where in-house policies need changing.
The audit takes one day pre-prep, one day onsite and one day preparing the written report with a subsequent follow-up meeting completed by a GDPR qualified Practitioner. Following implementation of the changes needed, an optional further mini audit can take place to check that everything has been implemented.
Having the peace of mind to know that your business or organisation has made the changes necessary is worth its weight in gold.
GDPR Privacy Notices
As a result of GDPR most existing privacy notices or statements will need redrafting to include more information concerning how data is managed and processed. For the first time companies not just controlling data but also processing data will be treated as jointly and severally liable if there is a breach of personal data. The privacy notice will also need to acknowledge the new rights granted to data subjects and the processes for handling these. Understanding the law and how to apply it is critical to getting it right.
If you need help with drafting or amending your company’s privacy notice please talk to Allott and Associates because the agency has GDPR drafting experience ranging from plcs and charities to SMEs, and would be delighted to provide a quotation.
All work is completed in-house by a qualified GDPR practitioner who also has a law degree, so rest assured, you are in safe hands.
Data in the post-Brexit era
Post Brexit, GDPR is likely to be directly incorporated into UK domestic law. It will sit alongside the Data Protection Act 2018 and either PECR or its proposed successor, the EU-driven ePrivacy Regulation, which will also need incorporating into UK law.
In a nutshell, UK data protection legislation has a wider scope than GDPR but as long as your business was compliant under GDPR it should still be able to share data with EU counterparts after the Brexit separation.
Ultimately, businesses in the UK and wider EU have GDPR to thank for encouraging better data handling practices such as greater transparency and more data subject rights – although businesses and other organisations may not always see it that way!
For more information and further guidance or a bespoke quotation for all or any of the GDPR services outlined, please call Allott and Associates today on 01423 867264 or 0207 257 2017.
“Allott and Associates provided CCS with first-class guidance and training when we were preparing for the GDPR. Philip’s insights and suggestions helped us focus on the real matters that needed to be addressed, and also dispelled many of the ‘GDPR myths’! We would highly recommend their services.”
CCS 2000 Ltd
“I would like to say, the course was very professionally delivered and very informative. Your delivery was excellent and certainly, for me, it was pitched ‘just right’! I would have no hesitation in recommending Allott and Associates to any of my colleagues and I hope that we can work together in the future.”
Mrs Debbie Turner M.A.M.S
Turner-Medical Practice Management