Data Compliance & Risk Management

GDPR Compliance UK Services

The General Data Protection Regulation (GDPR) replaced the previous Data Protection Act of 1998 and is a significant upgrade in the rules on data usage, data processing and protection of personal information, such as cardholder data or other sensitive client or customer information.

Its tentacles reach far into businesses globally, where management and responsibility must sit with a company’s board of directors. Given its priority, it is imperative for businesses to ensure that they have the correct culture and procedures in place when processing personal data.

Our GDPR compliance service includes:

  • Undertaking GDPR data flow audits and health checks to ensure personal information is not compromised.
  • Providing management tools and identifying areas of data risk in your business.
  • Recommending remedial action to improve your data security and data handling processes, mapping out an implementation plan to address high-risk areas first.
  • Supporting the business with projects that are directed at improving data management practices and procedures.
  • Putting in place the appropriate notices, policies, procedures and agreements.
  • Managing subject access requests, exercise of data subject rights and complaints by data subjects.

Data subject access request

What is a subject access request?

Under the Right of Access, an individual is entitled to ask for their personal data – this is more commonly known as a subject access request. The request does not have to be in any particular form and the requester does not have to follow a set procedure.

What is included in a subject access request?

Subject access is most often used by individuals who would like to view a copy of the personal data an organisation holds on them. However, it is not limited to that: an individual is also entitled to be told whether any of their personal data is being processed, to be given a description of the personal data, to be told the reasons it is being processed, and to be told whether it will be given to other third parties.

An individual can also request information about the reasoning behind any automated decisions taken about him or her, such as a computer-generated decision to grant or deny credit, or an assessment of performance at work (except where this information is a trade secret).

It is important to check the identity of the requester before any personal data is sent out. You must also ensure that you do not send the personal data of another person.