In our ever more computerised world, organisations handle data relating to customers, employees or other individuals on a day-to-day basis. The protection of this personal data is a key foundation to those relationships and individuals trust those who deal with their data to keep it secure and not to use it for improper purposes.
Even so, hardly a week goes by without a story in the press of how unencrypted data has fallen into the hands of unauthorised third parties (perhaps through hacking or employee negligence/misconduct). Reputations which may have taken years to build can be destroyed in a matter of mouse clicks.
Individuals are also becoming increasingly aware of their rights under data protection legislation and are often using them as a tool to extract evidence which might form the basis of a legal claim or simply to cause administrative headaches.
In addition, the General Data Protection Regulation (“GDPR”) and Data Protection Act 2018 impose substantial responsibilities on organisations and an obligation to evidence their compliance by means of documented impact assessments, audits and policies.
We have considerable experience in dealing with data protection matters of all kinds, both on behalf of organisations and individuals.
In recent times, we have drafted fair processing statements and data protection policies for many organisations. We regularly make and help respond to subject access requests, whether made on a stand-alone basis or as part of a wider commercial, employment or customer service issue.
When required, we also liaise on our clients’ behalf with the Information Commissioner where matters escalate and the individual is unhappy with how an organisation has dealt with their personal data.
And we always understand that data protection is part and parcel of protecting an organisation’s hard-earned reputation.