CALL US: 0121 416 0121

Data Protection

DATA PROTECTION


GDPR came into force in May 2018 and it was the biggest change in organisational legislation for decades. It brings up to date the laws governing personal data and has forced every organisational type to examine their systems and processes in relation to data collection, storage, processing, retrieval, and transfer.

Many organisations are still not compliant or understand what compliance requires of them. Indeed, the type and size of organisation will have a considerable impact on its data protection obligations. We can help. We understand what the Information Commissioner will expect and it’s mostly about demonstrating that an organisation is adhering to the data protection principles.

Data protection legislation requires that organisations can demonstrate compliance. GDPR Article 24 (DPA 2018 Part 3 Chapter 4 Section 56) specifies that data controllers are “able to demonstrate, that the processing of personal data complies with the requirements”. This is a game changer in data protection legislation. If you can’t demonstrate compliance then you are guilty of an offence. Organisations need to ensure that evidence exists to avoid the penalties. That’s where M-piric can help.

We will either advise you or create for you, documentation that will deliver compliance. For any organisation that has ISO standards, the process will be familiar. For anybody else, don’t worry we will guide you through it. In either case, if you receive a ‘notice’ from the ICO saying that you have 28 days before inspection, then you can rest assured that your organisation will have met its obligations.

Some of you will think “we are already compliant”. However, it’s worth remembering that things change. It’s not good enough getting a rubber stamp from your IT Department. Get an audit to see if anything has changed or was missed. Here is some free data protection advice: “A second opinion is likely to be less expensive than a fine.” Check-out the fines on the ICOs website and also consider the reputational damage caused to those organisations.