Data protection has become one of the most talked about business issues of our time. For the commercial world, individuals’ rights to privacy have hit the media headlines having come under sustained attack in the digital world. While corporations and governments have used analytical tools to identify and target customers and supporters respectively, legislators have struggled to keep pace. Recent news events such as the onward transfer of user data by Facebook to third parties has increased the pressure on corporates to protect individuals from exploitation and get their firm wide ‘data house’ in order.
The introduction of the EU-wide General Data Protection Regulation (GDPR) in May 2018 has increased scrutiny, focussed minds and requires a new heightened level of legal compliance. It applies to all users of personal data and imposes greater obligations on those who process it, together with greater penalties for those who are in breach. Failing to comply with its rules, requirements and obligations will not only hurt companies financially but may also drive business away.
The Data Protection team at Cubism are regulatory, compliance and data specialists who have significant experience of data protection, having advised on all aspects of the previous data protection legislation and lived and breathed the new legislation from an EU-wide perspective.
We advise commercial enterprises of all size, professional service providers, marketing businesses, and individuals who control, hold and manage personal data.
We provide an overall strategy designed to help make clients compliant as soon as possible and will advise on policies, contracts and the myriad of issues which continue to arise in this evolving area of law.
- Data audits and risk analysis
- Responding to the exercise of individuals’ rights
- Drafting internal and external data protection policies
- Preparing data breach policies and responding to a breach
- Drafting and reviewing data processing agreements
- Reviewing contracts with clients and with suppliers
- Advice on international transfers
- Advice on marketing activities and on database sales
- Determining whether clients are data controllers or processors and their respective obligations
- Providing training