Data Protection and Privacy
With technology becoming increasingly integrated into the business world, it’s essential that your clients have incorporated data protection and privacy considerations into their company.
Abbiss Cadres provides business-focused, pragmatic advice on all aspects of implementing the UK and EU GDPR. We offer a range of privacy services, from one-off queries to project management and full implementation of global personal data protection solutions.
Our team can undertake a baseline data protection compliance assessment, identify meaningful risks and provide practical remediations. We assist with requirements to demonstrate accountability measures and develop company-specific guidance, policies and procedures that comply with applicable laws and generate consumer, partner and employee confidence.
Lacking bandwidth to fully operationalise your client’s privacy program? Outsource Privacy Program management to us. We can immerse ourselves within the team to project manage and liaise directly with key stakeholders to implement an end-to-end global data protection program.
We can undertake a Data Protection audit/assessment, raise awareness of key issues internally, and train employees on data protection, privacy and GDPR. Our team can monitor personal data flows and international transfers, draft appropriate policies and assist with implementation. We can also create records of processing (as may be required under GDPR), embed Privacy by Default and Design, assess third-party vendors and suppliers for data protection compliance, create an incident response plan, and provide advice on data subject access requests.
Does your client need to appoint a Data Protection Officer under Article 37 GDPR? Our outsourced DPO service is flexible and tailored to your client and its specific operations. We can fulfil specific requirements under GDPR including: informing and advising the company on GDPR obligations, monitoring compliance with GDPR and internal policies as well as managing internal data protection activities. We can also be responsible for training your client’s staff, conducting internal audits, advising on data protection impact assessments, as well as serving as the point of contact for Supervisory Authorities.
Does your client need to appoint a Local Representative? If your client offers goods or services to individuals in the UK or monitors their behaviour but does not have an establishment in the UK, then it probably will. Appoint us as your Local Representative for compliance with Article 27 of the UK GDPR and we’ll serve as the local point of contact for individual data subjects and the Information Commissioner’s Office.
How well has your client trained its staff to be GDPR compliant? We can provide company-wide or small-team training either remotely or in-person. Content can be tailored to suit your client and can include GDPR-specific training, general personal data protection, privacy awareness training or general legal privacy requirements.
Are your client’s policies regarding data protection thorough enough? We can conduct a review of existing policies to ensure they comply with UK GDPR requirements or we can draft policies based upon organisational practices and requirements.
How well is your client meeting its data protection obligations? Have you identified data protection risks? We can perform a data protection GDPR compliance assessment, reporting back with a gap analysis with pragmatic remediations.
How has Brexit impacted your client’s data protection practices? Our team can outline the framework of the UK GDPR and EU GDPR regulations and what that means for your client. We can assess how your client processes personal data and how it has been impacted by Brexit. We can identify necessary changes, evaluate if the new requirement for a Local Representative impacts your client, update documentation, and review privacy impact assessments for cross border processing and restricted transfers.
What steps does your client need to take to keep employee and customer data safe across borders? We provide expert guidance on data protection and privacy components of staff global mobility and remote working, assess the structure of the global data protection program, streamline legal compliance across applicable privacy regimes and provide an outsourced DPO service for UK and EU GDPR compliance.
Is your client undergoing or planning a merger or an acquisition? The UK and EU GDPR can make this process even more complex. We can review data protection and privacy issues throughout the entirety of corporate transactions, including the use of VDRs, sharing personal data with a potential buyer, and the conflict with TUPE disclosure requirements.