Data protection compliance service
We are pleased to offer our data protection compliance service, a packaged, end-to-end legal service, designed to enable businesses to achieve UK and EU GDPR compliance.
The UK GDPR
Since Brexit, businesses and other organisations that collect and use personal data in the UK need to comply with the UK General Data Protection Regulation (UK GDPR), plus the Data Protection Act 2018.
The UK GDPR broadly mirrors the EU GDPR and sets out what organisations must do when collecting, storing, and using personal data. It applies not only to organisations based in the UK but also to organisations in other countries if they offer goods or services to individuals located in the UK or monitor UK residents’ behaviour. In addition, if such organisations do not have a business presence in the UK, they will need to appoint a representative here to deal with any queries relating to data breaches or subject access requests.


The EU GDPR continues to apply to UK (and other) organisations that have an establishment in the EU, offer goods or services to individuals located in the EU or monitor EU residents’ behaviour. Such organisations need to comply with both the UK GDPR and the EU GDPR. If they do not have a business presence in the EU, they will need to appoint a representative in the EU to deal with any queries from individuals there.
What we particularly appreciate about Penningtons is their excellent and rapid work and their high level of understanding of the context of issues.
What it means
Like the EU GDPR, the requirements of the UK GDPR are far-reaching. There is an emphasis on transparency and security when processing personal data, as well as individuals’ rights and mandatory notification requirements for certain data breaches. The obligation to be accountable requires organisations to put in place comprehensive policies and practices, as well as having organised record keeping. Key obligations such as ‘the right to be forgotten’ and ‘privacy by design’ impact upon how businesses interact with their customers.
Non-compliance presents not only reputational but also financial risk. Breaches are punishable by very significant fines of up to £17.5 million or 4% of global annual turnover, whichever is higher.
The solution: data protection compliance service
Our data protection compliance service is delivered in two key phases and has been developed by us in response to demand from clients who need a fast and cost-effective solution to data protection compliance.
Phase one: discovery
- Transparent pricing for the discovery phase.
- Provision of a detailed questionnaire to comprehensively identify your data processing activities and existing compliance framework.
- Gap analysis in a simple red/amber/green reporting format outlining key areas for attention, with essential and recommended actions.
- Provision of pricing for follow-up actions.
Phase two: remediation
- Discuss prioritisation and budget for follow-up actions identified in phase one.
- Remediation activities typically cover the following key areas depending on the outcome of the gap analysis in phase one:
  - accountability;
  - collection, consent and handling of information;
  - sharing, third parties and supply chain management;
  - data breaches;
  - training and awareness;
  - record management.
What our clients are saying
Penningtons Manches Cooper’s IT team is brilliant, reliable and responsive. The quality of service is outstanding.
Penningtons Manches Cooper is recognised for its strength in the technology sector.