Fixing holes. How to start on your GDPR journey.
All organisations in the UK are subject to the following laws:
- the Data Protection Act 2018;
the Retained EU law version of the General Data Protection Regulation ((EU) 2016/679) (UK GDPR);
the GDPR where they process data relating to EEA data subjects, (the “Data Protection Legislation”).
Data Privacy
Not only can data privacy failings result in substantial fines, the ICO has the power to stop an organisation from using data.
This effectively stops your business from operating while you put fixes in place. The impact on the reputation (and consequent valuation) of a business found to be lacking in this area can be difficult to overcome for many businesses.
Disaster Scenario
In the absence of a disaster scenario, gaps in compliance with the Data Protection Legislation often come to light during the due diligence process for a funding round, or a business sale. Compliance issues such as this can have a serious impact on the valuation of a company.
We recommend pro-active auditing of compliance with the Data Protection Legislation. Orange Grove Law will put your organisation on the right track.
The underlying tenet of the Data Protection Legislation is that an organisation can demonstrate that it:
a. understands its obligations in relation to personal data and, b) has measures in place to achieve compliance with the Data Protection Legislation.
b. The first steps on the path to achieving compliance and being able to demonstrate how it is achieved is by undergoing a Data Protection audit. This covers the obligation whilst providing an insight into compliance gaps to be filled to help you along your GDPR journey.
We can then continue to guide you using our data protection management service.