Is your organisation one of the many that has put data protection considerations on the back burner recently? If so, now is the time to put it back on your agenda to review and, if necessary, take steps to get it back on track.

Why? Partly because data protection compliance is an ongoing process all businesses are required to comply not only with the Data Protection Act 2018 but also with UK GDPR. In addition, significant changes have taken place since the introduction of the GDPR in 2018, and it is now advisable for reviews of what was put in place to be carried out to ensure that this remains compliant. The changes includes, for example, the introduction of UK GDPR following Brexit, and changing methods of facilitating cross border data transfers.

What should you expect next?


The UK Government has announced that it is working on post-Brexit global data plans designed to boost growth and increase overseas trade. This is expected to result in a series of new ‘data
adequacy’ partnerships with a range of countries. There are also changes being made to the approach taken by other countries, and ever increasing regulatory frameworks. These will undoubtedly come with compliance aspects which will apply to all businesses trading or transferring data abroad.

Data protection will inevitably continue to become more complex and subject to ongoing changes. Businesses large and small need to accept that they cannot just address data compliance once and think a box has been ticked. There is going to be an ongoing long-term need to ensure data is being handled and protected correctly across your business.

What might have affected your data protection compliance recently?


Below are just some of the key trigger points which might make it particularly important for you to review your position now.

  • You have undergone staff changes and a different person or different team has taken over responsibility for your data protection compliance.
  • The structure or scope of your business has changed as a result of Covid or you have begun to process data in a different way.
  • You have set up a new business and have not yet considered your data protection position at all.
  • You are transferring data outside the UK and have not reviewed your compliance processes since Brexit.
  • The nature of your business, and therefore the purpose of the data you are keeping or the nature of what you retain, has changed.
  • You haven’t had a data protection audit to check whether you are compliant since with the initial introduction of GDPR in 2018.

Have you identified specific data areas that need attention?


Compliance in some form is usually the catalyst for seeking legal support on data issues, but this can come in a range of guises. Here are some of the most frequent reasons for clients approaching us:

  • Responding to subject access requests
  • Advising on data security and related issues
  • Protecting confidential information
  • Advising on international data transfers
  • Dealing with special categories of personal data
  • Advising on processing data relating to criminal convictions
  • Dealing with complaints, Information Commission Office investigations and enforcement actions
  • Managing the consequences of a data breach
  • Training staff on all aspects of data protection, privacy and information security
  • Advising on the data protection issues raised by the sale or purchase of a business.

Where data is concerned, taking a proactive, ‘prevention is better than cure’, approach will stand your business in good stead. This is why we are currently encouraging clients to discuss their data protection requirements and compliance sooner rather than later.

How can Prettys help on an ongoing basis?


In very flexible, bespoke ways depending on the needs of your business.

Some of the businesses who seek our support have long-established data protection teams usually headed by a Data Protection Officer (DPO) or Data Protection Manager. Others have data protection responsibilities sitting within a Human Resources or other function, and no one dedicated to it as a
full-time role.

Some just want us to update them about changes and offer proactive advice if they take on new projects involving different types or treatment of data or if there is a breach. Others want us take on the role of their DPO and provide a full compliance and training service.

We meet these differing needs by tailoring our service to suit the circumstances – this may result in regular monthly retainer, a fixed-price project, or ad hoc advice on traditional hourly rate.

We are happy to work with you in whatever way you wish but the most sensible starting point for clients who haven’t used our data protection service before is a conversation with one of our specialists.

Why choose us for your data protection support?


Because in most cases, whatever your current issues we’ll have come across them before. We’ll also talk about them in layman’s language not jargon. Our aim is to ensure that we take away as much of the data protection compliance burden as you want us to, in a cost-effective way, leaving you free to concentrate on your core business.

Our data protection lawyers are specialists in this field. Both Matthew Cole and Emma Loveday-Hill hold the CIPP/E (Certified Information Privacy Professional Europe) qualification. Emma also holds the CIPM (Certified Information Privacy Manager) accreditation. Matthew has a particular specialisation in acting for businesses in the BioTech sector.

What to do next


Get in touch in whichever way suits you best. Call us on 01473 232121 for a no-obligation conversation about your data protection needs and how we might help or email dataprotection@prettys.co.uk giving a few brief details about your business and your key reason for contacting us now.

Matthew Cole
Emma Loveday-Hill