What is GDPR?

The General Data Protection Regulation (GDPR) is coming into force on 25th May 2018 and will affect all UK firms be they companies, limited liability partnerships, partnerships, sole traders, local authorities etc. The common theme being that they all process "personal data".

"Personal data" means any names, physical addresses, IP addresses or any data that identifies or may identify a natural person (think of any information captured by a firm concerning employees, suppliers, customers etc.).

GDPR is a hugely complex EU law that is being implemented across the European Economic Area or EEA. It will be implemented in the UK regardless of BREXIT. GDPR returns control of personal data to the data subject (who could be your employee, customer, supplier or a person working for your customer, supplier etc.) and imposes strict new laws when "processing" such data (whether it is capturing, saving or transferring the data to others). You may well be required to obtain and retain the specific consent of your data subject after 25th May 2018 before you are entitled to process their personal data. Failure to do so may expose you to potentially massive fines.

The "supervisory authority" in the UK is the Information Commissioner's Office (the ICO - www.ico.org.uk) which provides personal data guidance but also imposes fines for a breach of the regulations.

It is important to note that the ICO requires all UK organisations to have the following in place as from the 25th May 2018:

1. Data protection policy and procedures;

2. Specific requests for consent provided by the organisation and which are not pre-filled;

3. A communication with the data subject advising as to their rights in respect of the protection of their personal data;

4. Potentially restructuring the organisation to ensure that it is compliant with GDPR;

5. All products and services have been designed (or re-designed) to ensure they are GDPR compliant;

6. Any external party (a group company is considered to be external) to whom an organisation sends personal data, must have "outsourcing" arrangements in place between the two entities;

7. All personal data processing must be recorded;

8. Organisation to ensure they "process" data is encrypted;

9. Any breaches are identified and potentially reported both to the ICO and "publically" ;

10. If appropriate, the organisation must appoint a Data Protection Officer (DPO); and

11. Any data that is transferred to a third country (that is a non EEA country) is transferred in accordance with GDPR provisions.

Why The MPACGroup?

The MPAC Group is a London based niche corporate compliance and regulatory consultancy. Since we were established in 2003, we have been providing consultancy services to a wide range of FCA regulated and unregulated firms.

MPAC has partnered with various specialist firms in the GDPR sector to combine our respective and complementary skills to offer you a comprehensive "Single Source Solution" to cover all your GDPR requirements. These services cover everything that you as a firm will need to be as compliant as possible once GDPR commences.

We are offering a full package of services that will provide the tools and know-how for all types and sizes of UK firms. The packages are designed to be cost effective enabling you to do as much of the work as possible, with guidance where required, to ensure that costs are reasonable and transparent.

Our GDPR Subscription Service

The packaged services include:

  • Impact analysis framework, policies, procedures and other tools to manage the whole GDPR project for your firm;
  • Template legal documents from our leading law firm partner that cover most of your requirements;
  • Training - online and bespoke GDPR training modules dealing with the practicalities of GDPR for your business;
  • A GDPR Help-Line covering the project and certain legal questions;
  • An IT system to manage the GDPR project and data on an ongoing basis (optional);
  • Outsourced Data Protection Officer (optional);
  • Access to specialist Insurance; (optional);
  • An annual subscription for updates and help to keep your firm compliant;
  • A GDPR personal data audit;
  • A PR firm that, in the event of a data breach, will help ensure the correct message is provided publically.

Our Services to you

By purchasing our Complete GDPR Package you will get what is shown above which includes frameworks and legal templates to enable you to map and build your GDPR needs and requirements, as well as one year's subscription to our services starting from the 26th May 2018.

Enquire now