01332 340 211

Understanding your businesses data protection requirements under GDPR

Find a person by name
Or choose a department

Data protection compliance is an increasingly important issue for all organisations which hold personal data.

Data protection rules can be complex and confusing. We have extensive knowledge and experience advising on the day to day use of data within an organisation and can assist with ensuring compliance with the General Data Protection Regulation and other data protection legislation.

General Data Protection Regulation (GDPR)

There are a number of changes that may need to be made to the way organisations record, store and use data when GDPR is implemented, these include;

  • Customers need to opt-inĀ for all communications, not opt-out
  • Explicit permission needed for gathering, storing and using personal data
  • Customers have more rights over their data and the way it is captured, stored and used
  • Data breaches must be reported to the ICO within 72 hours
  • Special protection is required for sensitive data on children and other vulnerable individuals
  • Organisations may need to appoint a Data Protection Officer

We can assist your organisation in outlining, developing and implementing policies, procedures and file structures that are both GDPR compliant and industry-leading, to ensure your organisation is taking a forward-thinking approach to data management and cybersecurity and giving it a ‘defensive shield’ from the consequences of non-compliance.

Enabling your customers

As of 25 May 2018, you will need to enable your customers;

  • Subject access
  • To have inaccuracies corrected
  • To have information erased
  • To prevent direct marketing
  • To prevent automated decision-making
  • To be provided with any requested data digitally

Data protection officer

Certain organisations will meet the criteria where it is mandatory to appoint a data protection officer. The conditions for which are:

  • whether you are a public authority (except for courts acting in their judicial capacity)
  • carry out large-scale systematic monitoring of individuals (for example, online behaviour tracking)
  • carry out large-scale processing of special categories of data or data relating to criminal convictions and offences

Data protection audits

Good compliance practice always has to start a benchmarking process. We can assist you, by working with management and key teams (such as HR, IT and Marketing) to understand how personal data is processed, stored and controlled within your organisation and to assess what, if anything, would need to be done to reach a high level of compliance. All of our audits are devised and charged on a bespoke basis, developed in accordance with your requirements.

Training on data protection compliance

Good data protection compliance rests on a solid understanding of the requirements of the data protection regime. Whilst there is a huge amount of information on the subject available often the best way to ensure this understanding is through training key members of your staff, particularly those who have control of personal data or information security.

Our data protection training programmes range from a general introduction to the regime (explaining the key concepts and the standards that you need to meet) through to highly specific sessions for your organisation focusing on the issues that are most important to you.

Our expert team can deliver training, based on business requirements, including;

  • On-site training sessions for individuals or teams of data-handling staff
  • Remote digital training sessions with interactive workshops
  • Induction videos and assessment modules for new starters

We run regular training seminars throughout the year and also bespoke training seminars for individual clients for all staff and at director level, providing a detailed review of the impact of GDPR for organisations and senior management in particular.

Contact our Commercial Contracts team

We have advised on data protection issues since the implementation of the 1998 Data Protection Act. We seen as experts by our clients from large plcs, SMEs and family businesses as well as working with a wide range of organisations in the Education Sector.We are noted for our strategic advice and policy drafting in the compliance arena across a broad range of industry sectors.

By completing the above form, you opt-in to receive information on the latest news, events and services information from Flint Bishop. You may opt-out at any time. We respect your privacy and do not tolerate spam. We will never sell, rent, lease or give away your personal information (name, address, email, etc.) to any third party.

Contact us


Derby Head Office:
St. Michael’s Court
St. Michael’s Lane
Tel: 01332 340 211
Fax: 01332 207 601
DX: 729320 Derby 24

54, St. John Street
Tel: 01335 342 208
Fax: 01335 342 010
DX: 26834 Ashbourne

Opening Times:
Our offices are open Monday to
Friday between 8:00am & 6:00pm

Contact us