The General Data Protection Regulation (GDPR) will come into effect in the UK on 25 May 2018. The UK is preparing for the GDPR by preparing its Data Protection Bill. The GDPR will survive Brexit and all UK companies are required to comply with its terms. At the very least, this will result in Privacy Notices being issued by most UK employers.
At Constantine Law, we are advising our clients on the practical implications of the GDPR by preparing detailed action lists, which are easy to follow and set out clear deliverables for clients. We are also writing and speaking regularly on the subject, with trade bodies.
We can guide our clients through the complexity of GDPR by:
1. Working with clients and third parties to conduct a data audit with a view to identifying the personal data held about a workforce.
2. Preparing Privacy Notices for clients and related amendments to contractual documentation (contracts and handbooks).
3. Reviewing commercial contracts, including related indemnities and warranties.
4. Agreeing a resourcing plan, with clients, including appointment of a Data Protection Officer.
5. Strategic advice around data security and breach reporting.
6. Training of clients' HR and management teams on GDPR.
- Advising an international telecoms business, headquartered in Lagos, and with a global workforce on its GDPR obligations and related advice concerned group companies.
- Advising one of London's most reputable IFA businesses in relation to GDPR in terms of updated privacy notices for its staff.
- Practical advice to a national recruiter on the retention and management of candidate data as well as its own obligations to its staff.
More general guidance can be found on the ICO website.