COMMON QUESTIONS ANSWERED
We have hands-on experience with intellectual property, bank and financial regulations, healthcare, technology and law, so we understand exactly what you need.
How long will it take my company to be compliant?
It depends on which regulations your company needs to comply with and how close you are to achieving compliance. On average, companies take between 6 and 12 months to become compliant with data protection regulations, but it's important to remember that staying compliant is an ongoing process.
Will Brexit affect General Data Protection Regulation (GDPR)?
Not in the way most people think. Firstly, GDPR comes into force in May 2018, so it will need to be complied with before Brexit becomes a reality.
Secondly, the UK Government is already in the process of passing an updated data protection act which mirrors GDPR, so the compliance requirements under GDPR will be enforced through UK law regardless.
Finally, after Brexit, UK companies will still want to do business with those in Europe, so they will need to know how to comply with European standards. The most important thing to remember is that Brexit will not mean that UK companies do not have to comply with GDPR.
Is it necessary for my company to comply with GDPR?
It is very likely that your company will have to comply with GDPR, unless you have no employees and hold no customer data. It's important for companies to understand that it's not just large businesses or businesses whose primary product is customer data that need to worry about compliance. It also doesn't just affect electronic data but hard copy as well, so keeping records on paper rather than on computers does not make a company immune from compliance requirements.
Does my company need a Data Protection Officer (DPO)?
Not every company will need a DPO. Working out whether you need one or not is based on several factors including:
- the size and scope of your business
- the number of employees
- the types of data you hold
- whether you operate across multiple jurisdictions.
The most important thing to do is at least consider whether you need a DPO. One of the benefits of the new GDPR regulations is that a DPO does not have to be an employee but can be contracted for that role.
What type of compliance training does my company need?
One of the first questions the Information Commissioner's Office (ICO) asks when investigating a potential data breach is what type of training employees have received and when they received it. So, your company needs privacy and data protection training with at least an annual refresher.
Ideally training should be tailored to the type of business and the type of data and breach risks. It should not be lumped in with other general training where its importance can’t be recognised. Training can be online or in person as long as there is a means to assess its effectiveness.
What certification or license is there for DPOs?
Unfortunately, there is no current license or standard for DPOs. This has led to a significant increase in the number of businesses and people claiming to be experts in data protection. We are pushing the Government and the regulator to adopt standards so that our clients and other businesses needing advice on data protection can have assurance that the people they are working with are qualified. In the meantime, companies must be diligent and check the background, track record and experience of the people they are looking to for advice on compliance. While we can’t show you certification in data protection, our track record speaks for itself.