GDPR, Data & Privacy Advice for Technology Enabled Businesses
Dragon Argent’s specialist data protection lawyers will work closely with you to understand your business model and how you collect and use customer data. We’ll provide clear, pragmatic advice tailored to your commercial situation and future strategic goals.
We demystify data protection for founders through a range of simple UK GDPR compliance services including:
Privacy policies
Cookie policies
Terms and conditions
Risk assessments
Record of processing activity
Data privacy impact assessments
Find out more about how our experts can assist in your data privacy compliance by scheduling a discovery call today.
Alternatively call us on 02076860000 or send your enquiry to ask@dragonargent.com
TRUSTED BY FOUNDERS, STARTUPS & SMEs
Data Protection for Small to Medium Enterprises
All businesses in the UK need to comply with the UK GDPR, yet many fall short. Failing to comply can result in fines of up to £17.5m or 4% of global annual turnover, whichever is greater.
Dragon Argent offers a comprehensive data audit as a first, cost-effective step towards compliance. A data audit is an indispensable tool for any business seeking to improve its GDPR position. A data audit will:
Identify:
Who your data subjects are;
What personal data you handle about them;
Whether you hold any special category (sensitive) personal data about them;
What the legal basis for any processing is; and
Where the data is held.
Prompt you to consider:
How do you keep it secure?
With whom do you share it?
Does it leave the UK at any stage and, if so, is this lawful?
Provide you with:
Greater transparency with, and therefore increased trust from, data subjects such as existing and potential customers and staff;
Enhanced compliance with data protection legislation, and avoidance of fines, reprimands or reputational damage;
Differentiation from the competition and other competitive advantages.
Data & Privacy Consultant
Hear what our clients think:
“Dragon Argent have supported us since inception and been fundamental to establishing firm foundations for our business. They’re experienced, straightforward, founder-friendly, and deliver a breadth of services in a joined-up way that inspires confidence.”
Griffin Parry | Founder & CEO, m3ter
GDPR COMPLIANCE SERVICES FOR FAST GROWTH STARTUPS
We’ll help you build a data protection framework that is both compliant and agile.
Data Protection Audit
A 45 minute call or meeting to go through the audit tool, followed by a diagnostic of gaps and a list of recommended remediations with prices.
Cookie Banner & Internal Privacy Policy
To address the client’s use of cookies.
Privacy Notice
Drafting customised privacy notices, as mandated by Article 13 UK GDPR, based on the analysis of the audit and covering all the legally required aspects.
Illegal Transfer Risk Assessment
Due diligence of your tech stack to check that where your providers store and access personal data does not expose the client to unlawful international transfers (high risk), and remediation of that risk.
GDPR COMPLIANCE SERVICES FOR SMEs
Article 30 Record of Processing Activity (ROPA)
Mandatory as a matter of law for most organisations (the Article 30(5) exemption for organisations with fewer than 250 staff falls away where processing is not occasional, is likely to result in a risk to individuals, or involves special category or criminal offence data), and routinely required by lenders and clients. Comprises a template plus pre-population and support in maintenance.
Protocols for DSARs and Data Breaches
Forms and guidance for dealing with subject access requests and personal data breaches.
DPIA (Data Privacy Impact Assessments)
Required under Article 35 before any processing that is likely to result in a high risk to individuals, which in practice covers the introduction of many new systems, processes or processors. A detailed analysis of the impact of the new processing on personal data and on the people it concerns.
Data Processing Agreements
Drafting from scratch detailed data processing agreements between controllers and processors, as required by Article 28, and data sharing agreements between controllers.
Internal Training
A set of slides and guidance notes for internal delivery by the client, to meet staff awareness requirements and to prepare staff for potential breaches and DSARs.
Internal Privacy Policy
Invariably required by lenders, partners and clients.
To protect your business from data protection penalties and fines, contact our GDPR solicitors today for expert GDPR legal advice.
GOT A GDPR COMPLIANCE RELATED QUESTION?
Please leave us your details and we’ll contact you to discuss your situation and GDPR requirements. There’s no charge for your initial consultation, and no obligation to instruct us. We aim to respond to all messages received within 24 hours.
FREQUENTLY ASKED QUESTIONS
-
Whenever you collect and use identifiable personal data about customers or clients (such as name, email address, postal address and preferences) you need to comply with the law.
If you don’t comply, you can be fined by the regulator (the ICO, the Information Commissioner’s Office) by up to 4% of your turnover. Or, even more worryingly, the ICO can issue an enforcement notice (a ‘Stop Now’ order) requiring you to stop collecting or using personal data, either permanently or until you have complied with its requirements.
-
The GDPR requires organisations that process personal information (known as “personal data”) relating to others to keep that data safe and to process it only where they have lawful grounds to do so.
In summary, an organisation that processes personal data must protect it and process it only on lawful grounds. This includes: being transparent about what data is held, why it is held and what is done with it; processing the data only for the purpose for which it was collected; collecting only the minimum amount of data needed for that lawful purpose; and having appropriate technical and organisational measures in place to protect it.
-
The GDPR applies to all organisations (including sole traders, charities, partnerships and limited companies) that are established in an EU member state, or that are based outside the EU but either offer goods or services to, or monitor the behaviour of, individuals in the EU (customers, employees, users and so on). The UK GDPR applies on the same basis for the UK. “Processing” covers data that is in transit, stored, or handled in any other way.
-
Individuals have the right to know what organisations are doing with their personal information, who that information is shared with, how long it is stored for etc.
They also have various rights over that information, including:
Access
Rectification
Erasure (‘Right to be Forgotten’)
Restriction of processing
Portability (in a format to enable transfer)
Object to processing
Rights in relation to automated decision making, including profiling.
-
Understanding the complexities of the GDPR can be difficult, and many businesses think it covers only personal information relating to their staff. Data protection also covers your customers’ and suppliers’ personal data and any data you store or manage for a third party.
We advise businesses on:
Data Audit
Data Asset Register
Data Protection Policies and Procedures
How to handle subject access requests (SAR / DSAR)
Individuals’ data rights
Dealing with data breaches, including reports to the ICO
Handling complaints from individuals and regulators
Moving data out of the UK or EEA
Sharing data with other businesses
-
The data protection principles set out the rules you need to follow when using personal data. You must make sure the information is:
processed fairly, lawfully and transparently
processed for specified, explicit purposes
processed in a way that is adequate, relevant and limited to only what is necessary
accurate and, where necessary, kept up to date
kept for no longer than is necessary
handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
GDPR introduced a new ‘accountability’ principle. It means you are responsible for what you do with personal data and how you comply with the data protection principles.
What else you need to do will depend on how much, and what type of, personal data your business controls.
-
Carry out an audit of the information you hold, considering why you hold it and for how long, and implement a compliant data protection policy;
Update privacy notice on website and for all staff;
Review marketing processes and cleanse data where consent is needed;
Update all contracts with third parties, and terms and conditions to ensure GDPR compliance;
GDPR training/awareness for staff;
Ongoing audits.