Under laws which include GDPR and Data Protection Act 2018, your business has obligations as a data controller and in some instances as a data processor. These obligations are based on the data protection principles enshrined in the law and found in specific provisions of the GDPR and DPA 2018 plus Regulations containing requirements to perform Data Protection Impact Assessments, Legitimate Interests Assessments, implement Privacy by Design, appoint a Data Protection Officer, keep Records of Processing Activity, keep certain registers and have certain policies and procedures in place. Vendor management and contracting is becoming more complex with negotiation on roles and responsibilities for fulfilment of data subject rights and incident management. Awareness of Codes of Conduct development, such as that currently in the pipeline for the management of children's data, is necessary. Lastly, as important as identifying your data processing activities and types of data being processed and understanding your data flows are to informing your data protection plans, appreciating the risk to your data subjects rights and freedoms and risks inherent in your operations and systems is paramount. I am here to assist you with this and more.
DATA PROTECTION CONSULTING