Our data protection specialists use their knowledge of the law, their experience and understanding of businesses to deliver a strategy which can help businesses comply with data protection laws. Merely having good written policies is not always sufficient. Legal risks relating to data protection law can arise in many ways. Our aim is to provide support and guidance and to assist with compliance requirements, whilst bringing the Ellis Jones passion to our work.
Here to help
Our specialist teams can provide full service legal advice and assistance, providing practical and cost-effective solutions.
Data Protection Strategy
Getting good advice about how GDPR and the Data Protection Act 2018 impacts your business is vital. We can assist you with data protection strategy planning to advise on what your business needs and how data protection law will affect your business.
Find out moreData Protection Strategy
Getting good advice about how GDPR and the Data Protection Act 2018 impacts your business is vital. We can assist you with data protection strategy planning to advise on what your business needs and how data protection law will affect your business.
Find out moreData Protection Compliance
We understand that data protection law is complex, and every business or organisation will face different challenges or be at different stages in their journey towards compliance. We also recognise this is an evolving challenge as businesses grow. We are here to advise on each step and advise businesses on what processes and procedures are required to be compliant.
Find out moreData Protection Compliance
We understand that data protection law is complex, and every business or organisation will face different challenges or be at different stages in their journey towards compliance. We also recognise this is an evolving challenge as businesses grow. We are here to advise on each step and advise businesses on what processes and procedures are required to be compliant.
Find out moreDealing with Data Breaches
It is said that prevention is better than cure when it comes to business protection. Our aim is to work with businesses to have robust policies and procedures in place to avoid or minimise the risk of data breaches. Data breaches are however a real risk to any business and since GDPR came into effect, businesses have a requirement to report certain types of data breaches. We can advise and assist in dealing with the process including reporting to the ICO if necessary and how to advise those affected.
Find out moreDealing with Data Breaches
It is said that prevention is better than cure when it comes to business protection. Our aim is to work with businesses to have robust policies and procedures in place to avoid or minimise the risk of data breaches. Data breaches are however a real risk to any business and since GDPR came into effect, businesses have a requirement to report certain types of data breaches. We can advise and assist in dealing with the process including reporting to the ICO if necessary and how to advise those affected.
Find out moreData Audits
Our data protection team is in place to offer business protection. As part of any strategy planning, Ellis Jones offers its data audit services. A data audit is a thorough review and assessment of your organisation’s compliance with GDPR. The objective of a data audit is to identify areas for improvement and what steps need to be taken to ensure compliance where there are gaps.
Find out moreData Audits
Our data protection team is in place to offer business protection. As part of any strategy planning, Ellis Jones offers its data audit services. A data audit is a thorough review and assessment of your organisation’s compliance with GDPR. The objective of a data audit is to identify areas for improvement and what steps need to be taken to ensure compliance where there are gaps.
Find out moreBusiness GDPR
What does GDPR mean to your business? UK GDPR is one of the data protection laws that apply to businesses in the UK, but is commonly referred to as GDPR. It outlines how a business must collect, store and use personal information in a secure and legitimate way. Failure to comply with GDPR could result in expensive fines. Our data protection solicitors can guide you and advise you on what GDPR could mean to your business and how you can comply.
Find out moreBusiness GDPR
What does GDPR mean to your business? UK GDPR is one of the data protection laws that apply to businesses in the UK, but is commonly referred to as GDPR. It outlines how a business must collect, store and use personal information in a secure and legitimate way. Failure to comply with GDPR could result in expensive fines. Our data protection solicitors can guide you and advise you on what GDPR could mean to your business and how you can comply.
Find out moreAdvice on Data Sharing Activities
The right to share personal data either within your organisation or outside of it, is not always straight forward. GDPR has strict requirements on the sharing of data. We can advise and draft the necessary legal agreements and data management policies to enable any sharing of data as your business may require. We can advise on protecting the integrity of the data.
Find out moreAdvice on Data Sharing Activities
The right to share personal data either within your organisation or outside of it, is not always straight forward. GDPR has strict requirements on the sharing of data. We can advise and draft the necessary legal agreements and data management policies to enable any sharing of data as your business may require. We can advise on protecting the integrity of the data.
Find out moreData Protection FAQs
What is Data Protection?
Data protection is the process of keeping personal information secure by design, by ensuring that appropriate technical and organisational measures are adopted by businesses to protect such data. It involves ensuring compliance with applicable data protection legislation such as GDPR, the Data Protection Act and the PECR.
Increased regulatory and commercial pressure also means that businesses are obliged to prioritise data protection within their organisations. It should be at the very heart of their business. Data protection does not just extend to complying with the law, but adopting best practices throughout your organisation, should also give you a competitive advantage. Any business that is seen to have robust procedures in place for data protection, will give confidence to its consumers and clients. We
Businesses of every size need a plan for continuous data protection. We recognise that many businesses will already have good IT systems in place to protect against ransomware and cyber threats and safeguard data generally. A good data protection strategy ensures data can be restored quickly after any corruption or loss. However, the implementation of a good data protection framework incorporating data management, key policies and procedures will promote good practice and compliance with the data protection laws. These policies are both internal and external facing and can offer reassurance to third parties that you are compliant with data protection laws.
The importance of data protection increases as businesses increasingly rely on the use of data which is created and stored. The key principles of GDPR are to safeguard the data and make it available under all circumstances.
Why is Data Protection important?
The implementation of GDPR in 2018 caused furore because it placed greater emphasis on not only data protection, but the need for businesses to be more aware of their own requirements to protect data.
However, the purpose of GDPR and other data protection laws such as the Data Protection Act 2018 is to establish a framework which sets out what should be done to make sure that everyone’s data is used properly and fairly. Failure to comply with the applicable laws can have serious consequences including monetary fines or even prison sentences. The reputational damage and fallout from a data breach can also be devastating, so data protection is not just a legal requirement, but crucial to protecting and maintaining your business.
What constitutes a breach of Data Protection?
A personal data breach is a breach of security which leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. It is not just limited to personal information and can include the following types of data breaches:
- access by unauthorised third parties
- deliberate or accidental loss or damage by either a data controller or a data processor
- accidental dissemination to a third party (i.e., sending by email to the wrong email address)
- lost devices containing personal data etc.
A data breach can be accidental or unlawful.
Examples of types of data breaches are:
- ransomware
- theft of information
- phishing
- malware
- breach of passwords
- email compromises
- employee mistakes / negligence
- application and software vulnerabilities
What is the Data Protection Act?
The original data protection act 1988 was developed to control how personal data is used by businesses or government bodies. This has since been replaced by the Data Protection Act 2018 which provides a modern and comprehensive framework for data protection in the UK and applies the EU GDPR.
The main elements of the DPA are:
- The implementation of GDPR standards across all data processing in the UK
- An overview of the definitions used in GDPR in the context of the UK
- Ensures that sensitive health information, social care and education data can continue to be processed whilst ensuring that it is safeguarded
- Provides restrictions on rights to access and delete data where there is a strong public policy justification, including for national security purposes
- Age of consent reduced to 13
In addition, the DPA also provides a regime for law enforcement, regulatory and intelligent services.
The DPA offers a further data protection system and modifies aspects of GDPR to make it work in the UK.
The DPA differs from GDPR, but both are enshrined in the UK as our main data protection laws.
Does GDPR override the Data Protection Act?
Whilst there are some differences between the two pieces of legislation, the DPA is the UK’s implementation of the General Data Protection Regulation (GDPR), now known as UK GDPR.
Which law overrides the other, would be very much fact dependent and in all likelihood, would not matter. Both laws are designed to work in the UK and apply to businesses and all types of data processing, to provide robust protection.
The territorial scope is for all organisations processing personal data whether as a controller or processor in the United Kingdom, regardless of whether the processing takes place in the United Kingdom or not.
UK GDPR Health Check £200 plus VAT
This health check comprises a short review of the website, privacy policy and any terms to identify any red flags or areas of potential non-compliance. The report will make any recommendations for changes. Any further revision work is chargeable separately.
Enquire NowUK GDPR Documents £1,000 plus VAT
This solution consists of a suite of template documents for any business to help them get started including, privacy policy, data protection policy, IT security policy, data retention policy, DPIA, privacy notice (internal employees).
Enquire NowCompliance Audit £500 plus VAT
This is not a full data protection audit, but this solution comprises an audit and checklist to focus businesses on what operations and systems they currently have in place towards compliance with data protection laws. On completion by the client, this is then followed with a review by one of our data protection specialists and a client advisory meeting as to recommendations with a gap analysis report.
Enquire NowFull Data Protection Audit
This will be a bespoke and tailored audit and review of a client’s full business operations. This would be pricing on enquiry because it needs to be bespoke to each business need. Managing internal and external risks for a client by ascertaining where the issues lie. In addition to the above, we provide specific advisory services to businesses on data protection issues and concerns.
Enquire NowOur Experts
Meet our team of specialist Data Protection solicitors
Latest Data Protection News