UK data protection support
UK businesses face two data protection challenges. On the one hand, they have to meet the requirements of the DPA that is changing due to Brexit. On the other hand, it will also be necessary to comply with the GDPR in the future in order to continue to cooperate with EU companies.
Our UK data protection support will help you overcome these challenges and make data protection a real competitive advantage.
Key facts about data protection in UK
How your UK business will benefit from external data protection support.
Which companies need data protection support?
All businesses that process personal data need to comply with data protection regulations. If you are unsure whether your processing activities are GDPR- and DPA-compliant (Data Protection Act 2018), your business could benefit from regular expert advice to ensure your business decisions are in line with both the legislation and official guidance from supervisory authorities. This is particularly true for businesses that deal with large amounts of personal data, and especially those using digital technology, e.g. webshops, apps and other e-commerce platforms.
Furthermore, companies with more complex internal structures that rely on regular data transfers between affiliates and branches could benefit from professional data protection support, as could organisations that use special categories of data – such as health or biometric data – where a stricter data protection regime applies.
What tasks can external data protection support assist you with?
Our data protection experts can provide support on all of your company’s data protection needs, including the creation of privacy notices, ensuring your website is compliant and developing your product or service in line with data protection regulations.
Our support also includes advice on all GDPR and DPA matters, assistance with compiling a processing record, the provision of commonly-required sample policies and templates, and helping you to establish a complete ‘data protection management system’ as required by law.
What are the advantages of getting external data protection support?
Engaging an external data protection specialist has many advantages. It will ensure that your company is GDPR- and DPA-compliant. Also, because our experts have a technical background and find data protection solutions for different-sized companies across a range of industries on a daily basis, they know how best to implement the measures required by law within your company. Our specialists do not just go through the motions, they know exactly how to deal with the Information Commissioner’s office (ICO) and can help you to avoid costly fines.
Additionally, if you choose our year-round data protection support service at a fixed flat rate price, you can avoid paying high fees for advice from a non-specialist law firm and will benefit from expert advice from our specialist team of data protection lawyers.
Our data protection support services
| Service | Basic | Business | Management |
|---|---|---|---|
| Annual activity report | 1 | 2 | 2 |
| Annual status discussion | 1 by phone | 1 on site, 1 by telephone | 2 on site |
| Answering of unlimited data protection-related queries | per request ≤ 15 minutes |
per request ≤ 30 minutes |
per request ≤ 60 minutes |
| On-site employee training | 1x per year | 2x per year | |
| Annual access to the online training portal | 10 employees | 20 employees | 50 employees |
| Establishing records of processing activities | 5 processing activities / year | 10 processing activities / year | 20 processing activities / year |
| Fulfilment of information obligations | employees | employees + customers | Employees + customers + prospects |
| Data processing as a controller: Review of data processing agreements (DPA) | 1 service provider/month | 2 service provider/month | |
| Review of privacy notice on your website (without webshop) | 1x per year | 1x per year | 1x per year |
| Draft IT-use policy | |||
| Advice on data protection impact assessment | |||
| Draft retention and deletion policy | |||
| Draft personal data breach policy | |||
| Draft data protection management handbook | |||
| Draft data protection policy | |||
| Draft access control policy | |||
| Draft contracted data processing policy | |||
| Draft policy on data subjects’ rights | |||
| HR: Drafts of various templates, fact sheets and checklists | |||
| Draft risk assessment policy | |||
| Conducting internal audits (workshops) with report | 1x per year | ||
| Service | Basic |
|---|---|
| Annual activity report | 1 |
| Annual status discussion | 1 by phone |
| Answering of unlimited data protection-related queries | per request ≤ 15 minutes |
| On-site employee training | |
| Annual access to the online training portal | 10 employees |
| Establishing records of processing activities | 5 processing activities / year |
| Fulfilment of information obligations | employees |
| Data processing as a controller: Review of data processing agreements (DPA) | |
| Review of privacy notice on your website (without webshop) | 1x per year |
| Draft IT-use policy | |
| Advice on data protection impact assessment | |
| Draft retention and deletion policy | |
| Draft personal data breach policy | |
| Draft data protection management handbook | |
| Draft data protection policy | |
| Draft access control policy | |
| Draft contracted data processing policy | |
| Draft policy on data subjects’ rights | |
| HR: Drafts of various templates, fact sheets and checklists | |
| Draft risk assessment policy | |
| Conducting internal audits (workshops) with report | |
| Service | Business |
|---|---|
| Annual activity report | 2 |
| Annual status discussion | 1 on site, 1 by telephone |
| Answering of unlimited data protection-related queries | per request ≤ 30 minutes |
| On-site employee training | 1x per year |
| Annual access to the online training portal | 20 employees |
| Establishing records of processing activities | 10 processing activities / year |
| Fulfilment of information obligations | employees + customers |
| Data processing as a controller: Review of data processing agreements (DPA) | 1 service provider/month |
| Review of privacy notice on your website (without webshop) | 1x per year |
| Draft IT-use policy | |
| Advice on data protection impact assessment | |
| Draft retention and deletion policy | |
| Draft personal data breach policy | |
| Draft data protection management handbook | |
| Draft data protection policy | |
| Draft access control policy | |
| Draft contracted data processing policy | |
| Draft policy on data subjects’ rights | |
| HR: Drafts of various templates, fact sheets and checklists | |
| Draft risk assessment policy | |
| Conducting internal audits (workshops) with report | |
| Service | Management |
|---|---|
| Annual activity report | 2 |
| Annual status discussion | 2 on site |
| Answering of unlimited data protection-related queries | per request ≤ 60 minutes |
| On-site employee training | 2x per year |
| Annual access to the online training portal | 50 employees |
| Establishing records of processing activities | 20 processing activities / year |
| Fulfilment of information obligations | Employees + customers + prospects |
| Data processing as a controller: Review of data processing agreements (DPA) | 2 service provider/month |
| Review of privacy notice on your website (without webshop) | 1x per year |
| Draft IT-use policy | |
| Advice on data protection impact assessment | |
| Draft retention and deletion policy | |
| Draft personal data breach policy | |
| Draft data protection management handbook | |
| Draft data protection policy | |
| Draft access control policy | |
| Draft contracted data processing policy | |
| Draft policy on data subjects’ rights | |
| HR: Drafts of various templates, fact sheets and checklists | |
| Draft risk assessment policy | |
| Conducting internal audits (workshops) with report | 1x per year |
Why you should choose activeMind.legal as your data protection officer
We are a well-established law firm with offices in Berlin and Munich. Our lawyers and experts have many years of experience and various data protection and data security certifications.
We have broad experience in dealing with local authorities in the EU, as well as with data subjects. We also assist our clients with processing records on a daily basis.
Our international team speaks 10+ European languages and knows the data protection laws of many EU countries in detail.