The new UK GDPR (General Data Protection Regulation) and the amended Data Protection Act 2018, which took effect on 31 December 2020, affect how you, as a business, handle personal information.
GDPR post BREXIT
The EU GDPR is an EU Regulation and it no longer applies to the UK. However, if you operate inside the UK, you will need to comply with UK data protection law. The GDPR has been incorporated into UK data protection law as the UK GDPR – so in practice there is little change to the core data protection principles, rights and obligations found in the UK GDPR.
The EU GDPR may also still apply directly to you if you operate in Europe, offer goods or services to individuals in Europe, or monitor the behaviour of individuals in Europe.
The EU GDPR will still apply to any organisations in Europe who send you data, so you may need to help them decide how to transfer personal data to the UK in line with the UK GDPR, if the trade deal bridge ends without adequacy.
What is the UK data protection law now the Brexit transition period has ended?
The Data Protection Act 2018 (DPA 2018) continues to apply. The provisions of the EU GDPR were incorporated directly into UK law at the end of the transition period. The UK GDPR sits alongside the DPA 2018 with some technical amendments so that it works in a UK-only context.
Initiate
- Initiation Workshop
- Use-case Identification
- Establish a GDPR Champion Network
- Stakeholder Comms
- Data Discovery & Analysis & Mapping
- GDPR Process Analysis
- GDPR Gap Analysis
Implement
- Corporate Comms
- GDPR Process Implementation
- Full Project Delivery
- Resource Management
- Data Mapping & Rationalization
- Compliance Acceptance Criteria
- Setup Support Process
Support
- GDPR Governance Support
- Quarterly Compliance Audits
- Ongoing ICO Liaison
- Ongoing GDPR Focused Comms
- DPIA Review & Approvals
- Data Centric Change Project Reviews
- GDPR Toolset Management
Do I need a Data Protection Officer?
Under the GDPR, you must appoint a data protection officer (DPO) if you:
- are a public authority (except for courts acting in their judicial capacity);
- carry out large scale systematic monitoring of individuals (for example, online behaviour tracking); or
- carry out large scale processing of special categories of data or data relating to criminal convictions and offences.
You may appoint a single data protection officer to act for a group of companies or for a group of public authorities, taking into account their structure and size.
Any organisation is able to appoint a DPO. Regardless of whether the GDPR obliges you to appoint a DPO, you must ensure that your organisation has sufficient staff and skills to discharge your obligations under the GDPR.
The Data Protection Officer's (DPO's) minimum tasks
- To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.
- To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advising on data protection impact assessments, training staff and conducting internal audits.
- To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers, etc.).
GDPR DPOaaS
We work in partnership with our clients to provide fully managed GDPR Data Protection Officer services. Our collaborative data protection officer as a service approach is there for when you need GDPR Data Protection Officer resources but cannot expand or reallocate your team.
• Fully comply with GDPR legislation
• GDPR Data Protection Officer
• Integration with your team
• Monthly cost to give you control of your budgets
• Anonymized requests and questions to the ICO
Get in touch
Our teams are waiting for your call