July 14, 2020
Following the introduction of the GDPR in 2018, businesses must ensure they manage their data both effectively and legally.
For start-ups in particular, ensuring compliance with the GDPR is vital to engender trust from customers and clients, as well as to secure future investment and avoid potentially crippling fines for data protection breaches.
Siobhan Williams outlines some key steps for start-ups to ensure compliance with the GDPR:
Conduct an internal data assessment. Think about what information you need to obtain from customers, clients and employees in order to provide your goods/services and to discharge your duties as an employer. Don’t forget to think about information you are obliged to obtain by any regulations or legislation you are subject to.
Trim any excess. Think about your existing customer/client journey and what information you are already collecting from them. Are you habitually collecting personal information from people which you don’t use or need?
Keep records. Make sure you keep a written audit trail of the data assessment you have conducted and the decisions you have made. Ensure you have a reasoned explanation of which of the 6 lawful bases you have for processing personal information. Take advice if you are unsure.
Ensure you have data protection policies. You will likely need two policies: one which is customer/client facing, and one dealing with your employees. It is worth investing some resources here to ensure that you have a comprehensive and compliant policy.
Think about your relationships with third parties. You might subcontract some services to third parties, or you might be acting as a data processor as part of the services you supply to your own clients and customers. Make sure that your terms of business have up to date data protection provisions – if you are processing data on behalf of your clients, make sure you have appropriate warranties from them that they have the right to share the personal data with you.
I have worked with Darwin Gray for a number of years and the level of service, professionalism and timely response is second to none. I would highly recommend Darwin Gray to any business.”
Darwin Gray have provided us with a first-class service for many years now. They really take the time to understand our business and develop relationships which results in advice and support that is contextualised and effective.”
We have worked with Darwin Gray for several years and have always found their services and advice to be first class.”
An extremely professional and sincere firm who make time for your queries and understand the need to break down certain facts and information to ensure everything is understood perfectly. I would highly recommend the firm to anyone looking for any type of legal advice”
PSS has worked with Darwin Gray for many years. We have always received an excellent service. Prompt and professional advice and support.”
Darwin Gray have acted for myself and my company over a number of years and at all times we have been treated with a professional manner yet maintain a common-sense approach at all levels. We couldn’t recommend them more highly.”
We have been clients of Darwin Gray for many years; they’ve always dealt with all of our legal matters with such professionalism. They work around us, even during awkward hours, and we feel confident we can always rely on them.”
Darwin Gray has been acting for Siltbuster for more than ten years. We would have no hesitation in recommending Darwin Gray to other organisations small or large.”
