In our ever more computerised world, organisations handle data relating to customers, employees or other individuals on a day-to-day basis. The protection of this personal data is a key foundation of those relationships, and individuals trust those who deal with their data to keep it secure and not to use it for improper purposes.
Even so, hardly a week goes by without a story in the press of how unencrypted data has fallen into the hands of unauthorised third parties (perhaps through hacking or employee negligence/misconduct). Reputations which may have taken years to build can be destroyed in a matter of mouse clicks.
Individuals are also becoming increasingly aware of their rights under data protection legislation and are often using them as a tool to extract evidence which might form the basis of a legal claim or simply to cause administrative headaches.
In addition, the General Data Protection Regulation (“GDPR”) will come into force on 25 May 2018. This will impose substantial new responsibilities on organisations and an obligation to evidence their compliance by means of documented impact assessments, audits and policies. All organisations should be well down the line of considering how they may need to change their practices, procedures and documentation in order to comply with the GDPR. In the first instance, this will involve conducting a detailed audit of all data processed.
With potential fines of up to €20 million or 4% of global annual turnover (whichever is higher) in the event of default (not to mention damage to your corporate reputation), the risks of non-compliance with the GDPR should not be underestimated or overlooked.
We have considerable experience in dealing with data protection matters of all kinds, both on behalf of organisations and individuals.
In recent times, we have drafted fair processing statements and data protection policies for many organisations. We regularly make and help respond to subject access requests, whether made on a stand-alone basis or as part of a wider commercial, employment or customer service issue.
When required, we also liaise on our clients’ behalf with the Information Commissioner where matters escalate and the individual is unhappy with how an organisation has dealt with their personal data.
And we always understand that data protection is part and parcel of protecting an organisation’s hard-earned reputation.