Hamlins will review your business and its use of data to determine whether it complies with the new Regulations, so that you avoid the risk of much heftier fines or even criminal prosecution.
We will ask questions such as:
- Does your business have the necessary systems and governance in place to meet the considerable new compliance obligations required under the Regulations?
- What kind of Personal Data does your Company collect and process?
- If you rely upon the consent of customers to process their data, have you reviewed your existing practices to ensure they meet the new requirements of the Regulations?
- What are you doing to meet the new Privacy By Design requirements under the Regulations?
- How do your key contracts address Data Protection and Privacy?
- If you use third parties to process your company’s data, does the contract place sufficient obligations on these parties to implement appropriate technological and organisational security measures against unauthorised or unlawful processing of data (such as by hackers)?
- Do you have a Data Breach Response Plan in place (the forthcoming Regulation requires any business that suffers a data breach to notify the data protection authority without undue delay and within 24 hours)?
- Have you designated specific roles and responsibilities for employees and prepared notifications in case of a breach?
- Have you appointed a Data Protection Officer?
- Have you conducted a Data Protection Impact Assessment, where appropriate?