GDPR, Data & Privacy

SA Law's Data Protection team provides the full spectrum of advice from supplier relationships to staff issues and managing client data correctly.

We can help you and your business with a range of compliance issues and related matters including:

• UK General Data Protection Regulation (UK GDPR) compliance
• Privacy & Electronic Communications Regulations (PECR) compliance
• Critical compliance advice in corporate transactions
• Strategic advice during a merger and harmonisation of databases following acquisition
• Data protection policies, privacy notices and compliance documents, including advising on opt-ins and opt-outs
• Advising and assisting in responding to Data Subject Access Requests (DSAR), often in the context of other litigation.
• Advising companies on how to handle and manage data breaches and your ICO reporting obligations.
• Compliance audits to ensure your business is complying with its UK GDPR and Data Protection Act 2018 obligations.
• The structuring of contracts and compliance procedures
• Partnership, joint venture (JV) and affinity arrangements
• Advising on privacy and compliance matters for website platforms and mobile applications, including the use of cookies.
• Freedom of Information (FOI) Act and compliance, including drafting FOI contract clauses and advising on how to respond to information requests.

What is the UK GDPR and Data Protection Act 2018?

The UK GDPR and Data Protection Act provides the framework for data protection law in the UK. Following Brexit, the EU GDPR ceased to protect the rights and freedoms of UK citizens regarding their personal information.

Instead, now the UK GDPR and Data Protection Act legislation sets out the key obligations and requirements for the way personal data is handled when dealing with customers, employees, suppliers and other individuals, and the consequences for UK organisations if they do not comply.

What are the Privacy and Electronic Communications Regulations?

The Privacy and Electronic Communications Regulations (PECR) sits alongside the broader Data Protection Act and the UK GDPR. The PECR gives people specific privacy rights in relation to electronic communications that organisations and individuals processing personal data need to comply with.

If you send electronic marketing communications, use cookies or a similar technology on your website or compile a telephone directory, you must comply with both the PECR and the UK GDPR.

What now?

The UK GDPR sets out seven key principles for everyone responsible for processing personal data, including for the information to be processed with lawfulness, fairness and transparency.

The Information Commissioner’s Office (ICO) aims to ensure that data subjects are protected and that organisations are able to operate and innovate efficiently in this increasingly digital age.

The ICO does have a range of enforcement powers to take action however if there are breaches of compliance with the data protection law in the UK. These include monetary penalties, enforcement notices, prosecution, reprimands, audits and investigations.

For serious breaches of the UK GDPR, the ICO also has the power to issue fines of up to £17.5 million or 4% of a company’s annual worldwide turnover, whichever is higher.

How we can help

If you would like any advice in this area, please do not hesitate to contact a member of the Data Protection Department.