GDPR and Data Protection Lawyers

The DPA (Data Protection Act) 2018 and UK GDPR (General Data Protection Regulation) apply to all organisations in the UK that process or control the processing of personal data.

Failure to comply leaves you open to regulatory action, including fines of up to £17.5 million or 4% of your annual global turnover (whichever is greater), as well as legal action from aggrieved data subjects in the event of a data breach.

And if you process European Union residents’ personal information, you also need to comply with the EU GDPR.

Understanding exactly what you need to do to meet your data protection obligations – and how to demonstrate your compliance – can be time-consuming, difficult and fraught with the possibility of error.

Fortunately, expertise is at hand: if you need help getting and staying compliant with data protection law, GRCI Law has everything you need.


How GRCI Law can help you

Our data privacy and data protection experts can help you with:

Data protection policies and procedures

Demonstrating DPA 2018 and GDPR compliance requires you to create and maintain documentation including policies, processes, procedures and records. From privacy notices to supplier data processing agreements, we can advise on the documentation you need.

Our legal team can help you create a wide range of DPA 2018- and GDPR-compliant data privacy documentation, including privacy notices, privacy policies, Article 30 records and data breach handling procedures, as well as reviewing your lawful basis for processing personal data.

Find out more about GDPR Contract and Legal Services

DPO as a Service is a subscription service that gives you access to a DPO (data protection officer) all year round. Our experts can advise on all data protection law compliance matters, including reviewing your documentation and guidance on creating and maintaining your personal data processing register.

Find out more about DPO as a Service

DSARs (data subject access requests)

The GDPR gives data subjects the right to request access to their personal data from data controllers so they can check the lawfulness of how their personal data is collected and processed. Data controllers must respond to DSARs within one calendar month.

DSAR as a Service is an annual subscription service for organisations that do not have the time or in-house expertise to respond to DSARs themselves. Our team can process your DSARs all year round, from assessing their validity and verifying the applicant’s identity to documenting the outcome of each request and liaising with supervisory authorities where necessary.

Find out more about DSAR as a Service

Individuals’ data rights

Facilitating data subjects’ rights to be informed, of access, to rectification, to erasure, to restrict processing, to data portability, to object, and in relation to automated decision-making and profiling is a core component of DPA 2018 and GDPR compliance. However, it can be complex and the potential for error is high.

DPO as a Service provides you with a dedicated, outsourced DPO who can support your DPA 2018 and GDPR compliance from implementation to maintenance, including providing advice and guidance on responding to privacy rights requests from individuals.

Find out more about DPO as a Service

And if you need advice on specific issues, the GDPR Advice Service gives you unlimited support and advice on all data privacy issues.

Find out more about the GDPR Advice Service

Data breach response

The DPA 2018 and GDPR require data processors to report all personal data breaches to data controllers. Data controllers must report data breaches to the supervisory authority within 72 hours of becoming aware of the breach if there is a risk to data subjects’ rights and freedoms. Data subjects must be notified if there is a high risk to their rights and freedoms.

Data breaches are commonplace, so it is essential to have plans in place to ensure you can respond to them in an appropriate and timely manner.

Our Data Breach Management Service gives you dedicated support from data protection experts, at all stages of the process. This includes reviewing and assessing the nature of each breach, notifying the appropriate parties, and creating and maintaining breach logs.

Find out more about our Data Breach Management Service

Handling complaints from individuals and regulators

Data subjects have the right to lodge a complaint with their supervisory authority (the ICO (Information Commissioner’s Office) in the UK) – and the right to an effective judicial remedy – if their rights under data protection law have been infringed. If you find yourself under investigation, it is critical that you act appropriately and are able to provide all the relevant information.

With DPO as a Service, our DPO will provide advice and guidance on breach monitoring, management and reporting, and liaise with the supervisory authority for you.

Find out more about DPO as a Service

Data transfers: sharing data with other businesses

If you transfer the personal data you hold to other organisations, you must have adequate contracts in place to ensure the data will be processed in accordance with data protection laws. The GDPR and the Data Protection Act 2018 set out what must be included in data controllers’ contracts with processors.

We can provide legal advice on data processing contracts to ensure the correct agreement is in place whether you are transferring data to a processor, a joint controller or another independent data controller. We can also advise on standard contractual clauses and binding corporate rules for international transfers of personal data.

Find out more about GDPR Contract and Legal Services

Why choose GRCI Law?

Led by our management team of experienced DPOs, lawyers, barristers, and information and cyber security experts, we provide DPO, breach, data privacy management and DSAR support, and associated non-reserved legal services.

We offer legal risk and compliance consultancy advice that you can trust, but without the burden of administrative duties and expenses that law firms must bear in order to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.

Find out more about us

About us

Led by our management team of experienced DPOs (data protection officers), lawyers, barristers, and information and cyber security experts, we provide DPO, breach, data privacy management, and data subject access request support, and associated non-reserved legal services.

We offer legal risk and compliance consultancy advice that you can trust, but without the burden of administrative duties and expenses that law firms must bear in order to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.

GRCI Law has completed the NHS Data Security and Protection (DSP) Toolkit, an online self-assessment tool that allows organisations to measure their performance against the National Data Guardian’s 10 data security standards. This provides assurance to all NHS clients that we are practising good data security and that personal information is handled correctly. If you process NHS patient data in any capacity, GRCI Law is able to assist you with all your data privacy requirements.

If you need assistance to become compliant with the DSP Toolkit, our sister company IT Governance Ltd offers several options to help you complete this exacting requirement.


Contact us

If you need expert help with your DPA 2018 and GDPR compliance, please get in touch with our experts, who will be happy to provide all the guidance you need.
