GDPR and Data Protection
The General Data Protection Regulation (GDPR) and data protection form a complex area that requires careful consideration. The accountability principle means that businesses must be able to demonstrate their compliance. This involves taking a number of measures, including implementing data protection policies (for customers as well as staff) and security measures, carrying out impact assessments, recording and, where required, reporting security breaches, and more. Data privacy is, therefore, a culture, not a box-ticking exercise.
Breaching data protection laws can result in severe penalties, with the most serious breaches carrying a maximum fine of €20 million or 4% of worldwide revenue, whichever is higher. For less serious breaches, the standard maximum fine is €10 million or 2% of worldwide revenue, whichever is higher.
In an age of increasing digitalisation, there are advantages to complying with data protection laws, including enhanced business reputation, increased customer confidence, improved data organisation and security and perhaps even reduced costs.
Our expertise includes the following:
- Drafting and updating privacy policies
- Drafting and reviewing business contracts
- Drafting employment policies and notices
- Reviewing use of personal data for marketing purposes
- Data subject access requests
- Advising on non-disclosure or confidentiality agreements
- General advice on GDPR and data protection
Our lawyers would be pleased to discuss your requirements with you. Please get in touch with us here.