Data protection is an area of law of vital importance to both individuals and businesses. In the UK the primary source of law is the General Data Protection Regulation (GDPR). Businesses which collect personal information of customers, potential customers, employees or other individuals must process that information lawfully. This includes complying with the six data processing principles set out in the GDPR and ensuring that the organisation has a valid legal basis for the processing of the information.
This is a large and complex area of law but some key points for businesses to note in particular include the need:
- to have in place appropriate privacy policies setting out what personal information the business processes, for what purpose and on what lawful basis, advising individuals of their rights in relation to their information and other information required to be provided
- to be able to recognise and know how to respond to a subject access request when an individual requests a copy of the information held by the business about them
- to ensure that if any third party handles personal information on behalf of the business an appropriate agreement with the third party and safeguards are put in place
- to understand and comply with applicable laws if transferring information to another country
- to understand and comply with applicable laws relating to the use of cookies on websites and consents required in relation to marketing activities
The penalties and fines for breaches of data protection law can be very severe so it is important for businesses to understand their obligations and take them seriously.
Our data protection lawyers have considerable experience in preparing and advising on privacy policies, assisting in relation to responses to subject access requests and advising generally on data protection law.
If you would like help or legal advice in relation to any aspect of data protection law, please contact a member of our data protection law team on 08081668827.
For further information you may be interested in:
- GDPR overview
- New UK GDPR
- Responding to subject access requests
- £183m fine for data protection breach
- Data protection checklist and action plan
- Privacy Policies
- Websites
Disclaimer: Information on this website is provided for general information purposes only. It is not intended to constitute and should not be relied upon as legal advice. There are a number of factors and circumstances which may be relevant to legal advice. The law may also have changed before we are able to update the website. If legal advice is required, please contact us.
|