Banner image for GDPR page showing digital data with EU flag overlaid

GDPR & Data Processing

The General Data Protection Regulations (GDPR) came into force on 25 May 2018 and they place substantial obligations on any person or organisation managing or handling data.

Data is any information relating to an identifiable person who can be directly or indirectly identified. This definition provides for a wide range of personal identifiers that constitute personal data, including; name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

GDPR refers to sensitive personal data as “special categories of personal data”. The special categories specifically include racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences

GDPR sets out 7 core principles that must be complied with when holding, handling and processing data:

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisaton
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

In the event of a breach of GDPR, an organisation can face sanctions from the Information Commissioners Office including warnings, bans on data processing and fines – which could be up to 4% of annual turnover or £20million, whichever is greater.

As such it is vitally important for a business to properly understand its obligations under GDPR and when these can arise in the day to day running of their business. Once you understand your obligations it is essential to ensure your paperwork and processes are running smoothly to comply with GDPR including obtaining specific consent for processing data, data processing agreements, privacy notices, appointing Data Processing Officers, handling data breaches and data subject access requests.

Howells Solicitors are here to help you with this process – our expert team are able to review your processes and procedures and advise you effectively on your data protection obligations and how to manage these.

We offer competitive fees, which can be tailored to your specific needs. Please do get in touch today for further discussion on your organisations needs and queries.

Tom Bernard
Senior Solicitor

Make an Enquiry Online