Data Protection and GDPR

We conduct GDPR audits, put policies in place and provide staff training.

We also offer a full Virtual Data Protection Officer Service.

The GDPR regulation is designed to protect every individual from having data misused. But whilst it protects the individuals, there is a significant obligation on organisations that hold any data to use it and keep it in ways that do not infringe the rights of the individuals whose data is held (called the data subjects).

There is an array of statutory duties owners, partners or directors in organisations need to comply to, and ensuring that data protection is treated seriously is one of the most important. Any abuse, avoidance or ignorance of these regulations could result in serious fines of up to €20m or 4% of the organisation’s global annual turnover (whichever is the higher) and other sanctions.

Since 2018 many changes have taken place including Brexit and in 2022 the implementation of new tools for data transfers came in force:

  • International Data Transfer Agreement (IDTA)
  • International Data Transfer Addendum to the EU Commission Standard Contractual Clauses

Some strict deadlines were set:

  • By 21 September 2022: any transfer subject to UK GDPR using the old Standard Contractual Clauses (SCC’s) to be concluded
  • By 27 December 2022: any transfers subject to EU GDPR to old SCC’s to be updated
  • By 21 March 2024: update to the new SCC’s for ALL UK transfers.

Organisations should be reviewing their data protection policies at least yearly and make sure their staff are fully trained.

Don’t wait until it’s too late. A GDPR compliance healthcheck can help you to avoid fines, penalties and reputational damage

We will help you to understand the regulations and any legal implications around your data usage, including:

  • An initial fixed-fee audit of existing materials, data sets and processes
  • Recommendations for changes
  • Drawing up relevant policies and procedures
  • Processing all necessary legal documentation and other paperwork.

For peace of mind Iconos Group offer a full Virtual Data Protection Officer Service 

The role of the VDPO

  • Manage and advise on gathering, processing and storing personal data
  • Liaise with regulatory bodies in the event of a data breach
  • Advise and assist in the creation of Data Impact Assessments
  • Provide advice and guidance on GDPR and Data Protection Act 2018
  • Conduct and advise on data mapping processes and procedures
  • Provide training for relevant stakeholders and members of staff.

The benefits

  • Lower cost
  • Expert compliance
  • No employee costs
  • Keeping up-to-date with latest legislation
  • Avoiding data breaches

Contact us on 020 4539 5800 or at legal@iconos-group.com for a free exploratory consultation.

Iconos Group Limited is authorised and regulated by the Solicitors Regulation Authority under SRA Number 831403.
Registered in England and Wales with number 13290040.
Registered office 25 Norwich Way, Croxley Green, WD3 3SP

© 2023 www.iconos-group.com | www.lucyswebdesigns.co.uk

The website contains general information only and is not intended to constitute legal or other professional advice. If you wish to seek professional advice please contact us at legal@iconos-group.com.
Whilst we try to make sure that the information contained on the website is accurate, Iconos Group Limited assumes no responsibility for such information and disclaims all liability in respect of such information.

Our clientsLegal Team