Which data protection laws are applicable in the UK? Do I need a DPO (Data Protection Officer)?
DATA PROTECTION BASICS
Data protection is a process to safeguard the privacy, availability and integrity of individuals and personally identifiable data.
Data protection must be on the agenda of all boards.
Organisations, businesses or the government must follow legislation on how they use your personal information.
APPLICABLE LAWS AND DPO
The UK GDPR (General Data Protection Regulation) and the DPA (Data Protection Act) 2018 govern UK data protection. Organisations in the UK that process personal data must follow these two data privacy laws. Non-compliance risks fines of up to £17.5 million or 4% of annual global turnover – whichever is greater.
The UK GDPR introduces a duty for you to appoint a DPO in certain circumstances. The DPO must be independent and an expert in data protection.
What We Can Help You With
The journey to protecting personal data starts with understanding your data assets, the categories of data, and the measures you need to put in place to safeguard personal information, comply, and meet your legal and contractual obligations.
Data Protection Officer
Staff Awareness Training
Safeguarding and Protecting
DATA PROTECTION OFFICER
As your DPO, we will educate you and your employees about your data protection obligations. We will support you to ensure compliance with Data Protection regulations and support you with:
- DSAR – advise you and guide you in responding to subject access requests
- Advice on DPIA (Data Protection Impact Assessments), monitoring and review
We will act as the main point of contact for the ICO and for data protection-related matters and complaints.
STAFF AWARENESS TRAINING
It is well researched and documented that people are the weakest links when it comes to the implementation of policies and procedures. It is, therefore, crucial to ensure that all your staff and business leaders are aware of their roles and responsibilities when it comes to data protection.
Our training will help your staff to:
- identify what qualifies as personal data and how it should be protected
- identify and report data protection breaches
SAFEGUARDING AND PROTECTING
Understanding where personal data enters your organisation, how it is processed, where it is stored, how long it is kept and who has access to it is key to safeguarding and protecting the data.
In many organisations, data is freely floating around in various systems and people have no idea what they have in their possession.
Maysante will help your organisation discover your data assets and put the necessary measures in place to safeguard and protect the data to ensure its confidentiality, availability and integrity.
Frequently Asked Questions
What is data protection?
Data protection is a set of strategies and processes you can use to secure the privacy, availability, and integrity of your data.
What data protection laws are applicable in the UK?
The UK GDPR (General Data Protection Regulation) and the DPA (Data Protection Act) 2018 govern UK data protection. The main purpose of the Data Protection Act is to protect individuals from having their personal details misused or mishandled.
What is a Data Protection Officer (DPO)?
DPOs assist you to monitor internal compliance, and inform and advise on your data protection obligations. The DPO provides advice concerning Data Protection Impact Assessments (DPIAs) and acts as a contact point for data subjects and the Information Commissioner’s Office (ICO).
Not all organisations are required to appoint a DPO.
Do I need to appoint a DPO?
Under UK GDPR, you must appoint a DPO if:
- you are a public authority or body
- your core activities require regular and systematic monitoring of individuals on a large scale
- your core activities consist of large scale processing of special categories of data (sensitive data such as health, religion, race or sexual orientation) or data relating to criminal convictions or offences.
Small and medium-sized enterprises (SMEs) are not exempt from appointing a DPO.
Do I have to appoint a DPO internally?
No. GDPR allows you to choose. The DPO can be an existing employee or externally appointed. Outsourcing the role of the DPO can help you to address the compliance demands of the GDPR while staying focused on core business activities.