Specialist advice on Data Security Breaches, Subject Access Requests, and complaints
All businesses inevitably hold personal data on their customers, clients, and employees. Customer databases, membership details, employee records and financial information are all subject to the Data Protection Act (DPA). Organisations must process an individual's personal data lawfully, keep personal information secure, and respond to subject access requests within a tight deadline.
Our team follows Foot Anstey's progressive approach to legal services. Our goal is to provide pro-active, commercial advice, working with you to avoid risks to your business, while keeping on the right side of data protection law. Together with the firm's non-contentious data protection team, our lawyers are experienced in both prevention and cure: preventing breaches by ensuring the correct policies and procedures are in place, and responding quickly when human error or hostile intervention lead to a breach of data security. Simultaneously, our reputation management team can work to minimise adverse publicity when things go wrong.
We will work with you within the current legal regime. And we will help you prepare for new EU rules which come into force in 2018, which will revolutionise data protection by enhancing individuals' rights significantly, and imposing stringent duties on businesses, including explicit consent to data processing and mandatory reporting of breaches. Sanctions for non-compliance will range from painful (up to 4% of turnover) to catastrophic (a ban on data processing).
We provide large organisations, small businesses, financial services and professional bodies with bespoke DPA advice. Our key areas of expertise include:
- Subject access requests
- Data security breaches
- Exemptions to the DPA
- Misuse of data complaints
- Requests for disclosure
- Breach reporting & the ICO
- Reputation management