All organisations manage a large quantity of information, whether it concerns children, parents, employees, charity donors, or otherwise. Data protection legislation is an increasingly used tool to protect the public from misuse of personal data and which creates a burden on data processors such as charities and schools, who often handle sensitive personal data which might give rise to action from the Information Commissioner if improperly managed. This can include a fine of up to £500,000 for serious breach of the Data Protection Act, changing to €20,000,000 or 4% of the organisation’s global turnover (whichever is the greater), once the General Data Protection (or GDPR) is enforced by the Information Commissioner from 26 May 2018. See below for further information.
Organisations that deal with personal information need to be clear on their obligations under the Data Protection Act, from notification to the Information Commissioners office, through to compliance with data protection principles, subject access requests, cloud data storage, social media and ultimately retention and destruction of data.
Two very similar organisations can have completely different needs and uses for their personal data. At Stone King, we get to know your organisation so that we can understand the context in which we are advising. Each member of our team brings with them a particular sector-specific or legal background, ensuring that advice is rounded, relevant and practical.
Particular areas of expertise include:
- notifications to the Information Commissioner
- privacy notices
- fair processing notices
- complaints about use of personal data
- use of data
- transfers of personal data –including outside of the EEA and to cloud providers
- data protection audits
- data protection policies
- use of sensitive personal data
- access to records
- training on data protection principles and practice
- application of data protection to social media
- compliance with the GDPR (General Data Protection Regulation).