Data protection and GDPR
Data and information rights are crucial to individuals and organisations in an interconnected world. Innovations in digital and communications technology have revolutionised the way in which data and information are created, stored, processed and shared, and in recent years the privacy rights of individuals have taken centre stage.
From our offices in Edinburgh and Glasgow, we help individuals as well as private and public sector organisations across the UK navigate the world of data protection and compliance.
The General Data Protection Regulation (GDPR) will come into effect on 25 May 2018. It represents a significant step forward in the modernisation and harmonisation of data protection throughout the European Union (EU).
To summarise a very wide-ranging piece of legislation in one sentence: data protection under the GDPR will provide individuals with more control over their personal data and will require organisations to process personal data responsibly and transparently.
All organisations established or operating within the EU will be affected by the GDPR, irrespective of the industry or business sector in which such organisations operate. The GDPR will apply to all personal data collected, held or processed by an organisation, whether this relates to employees, customers, suppliers or contacts, so these new regulations will not be restricted to data-intensive businesses.
At this stage and as an ongoing process, organisations should consider what personal data they hold, what they do with it, why they process it and whether it is strictly speaking necessary to hold and process the personal data.
There are a number of steps to becoming GDPR compliant, and the first step is to become aware of the personal data within an organisation. The subsequent steps are determined by the types of personal data and the purposes for which the personal data is processed - for example, are there special categories of personal data including health and medical information or is the personal data used for scientific research?
We offer comprehensive advice and support on data protection matters, including:
- advising on data audits and other aspects of GDPR compliance,
- advising on the rights of individuals in respect of their personal information,
- reviewing data protection policies and procedures,
- reviewing and/or negotiating data processing contracts, and
- drafting privacy policies, consent forms and other relevant data protection documents.
We also advise organisations who receive requests for personal data ("subject access requests") as well as individuals who are making the requests.
We understand that organisations are concerned about compliance with GDPR and about the seemingly limitless data protection tasks required under the GDPR, ranging from keeping records of processing activities to meeting appropriate IT security requirements.
Whether you require general guidance or you need a more hands-on approach, we will take the time to understand your business or personal circumstances so that we can provide clear advice on data protection matters (including GDPR compliance strategies) and offer solutions tailored to your needs.
Our approach to fees
We appreciate that clients want certainty over costs at the outset, and that is why at Morton Fraser we strive to be clear on the cost of our services. Whenever we can, we will give a fixed fee quote for work we have been instructed to undertake, and where this is not possible we will give you a clear indication of the likely fee based on an agreed scope of work. The last thing we want is for a client to be sent a bill which they are not expecting and may not be able to afford.
We understand that budgets can be tight and that this can sometimes dictate whether or not legal advice is sought. We want our services to be as accessible as possible and we are always happy to have an initial meeting free of charge so that we can fully understand your requirements and discuss our proposed fee.