JPP Law Blog
Ten Reasons to Review your Data Protection Procedures and Policies
It has been over two years since the General Data Protection Regulation (GDPR) came into force for EU countries, and the UK put it on the domestic statute book with the Data Protection Act 2018. At the time of implementation GDPR was a high-profile topic and organisations across the country were frantically reviewing and changing processes to ensure compliance with the new Act. Two years on it seems that some organisations have side-lined Data Protection as a priority which creates the risk of a Data Protection Act breach and potential fines from the ICO.
Many of the fines issued by the ICO are a result of poor marketing practice such as CRDNN who were fined £500,000 for making automated 'nuisance calls' and CPS Advisory Ltd which was fined £130,000 for making more than 100,000 unauthorised direct marketing calls. Other fines are due to bad internal procedures and probably a lack of training and knowledge. Hudson Bay Finance were fined for failing to respond to a subject access data request, Life at Parliament View received an £80,000 fine for leaving customers data exposed for nearly two years and Bounty UK shared personal data unlawfully and were fined £400,000. True Vision Productions filmed at a maternity clinic which resulted in a £120,000 fine and Doorstep Dispensaree Ltd were fined £275,000 for leaving personal data files in unlocked containers at the back of its premises in Edgware. With the correct training and procedures all these fines could have been avoided.
In an ideal world Data Protection should be an integral part of an organisation's culture, built into each and every process especially at times of great change caused by external factors such as a pandemic. Changes in how organisations deliver services and 'track and trace' are just two Covid related changes which create data protection considerations.
And, then we have Brexit looming!
It's good practice to review your data protection policies and procedures on a regular basis and here are a few reasons why:
- to ensure staff working at home are protecting the company's personal data;
- to consider the impact of Brexit on international data transfers;
- to avoid fines, bad publicity, and the destruction of customer trust;
- to allow you to be able to produce an up-to-date data processing schedule showing how your organisation processes personal data, should you be asked;
- your policies must help you be able to notify the ICO within 72 hours of becoming aware you have had a breach;
- up to date and accurate policies help your staff avoid issues in the first place, which can then lead to data protection breaches and fines;
- your data subject access request policy must help staff identify and respond to any data subject access request;
- identify data you should not be collecting, or which should be disposed of;
- ensure your data security and data processing systems are appropriate;
- many businesses, particularly large ones, require their supply chains to be fully legally compliant with all manner of legal and corporate social responsibility matters like data protection and Modern Slavery
If you are in need of help and guidance with Data Protection matters JPP Law can help. For start-ups or small companies who need to get Data Protection Act compliant we offer fixed fee document packages. For larger companies that fear they may have recently undergone significant changes or have let Data Protection 'slip' we can provide a data protection audit.
For more information call +44 (0)20 3468 3064 or email our Client Services Director Juliette.Pip@jpplaw.co.uk who can organise a free consultation with a member of our legal team. We use the consultation to learn more about your business and your requirements and we will follow up with a written quotation for services.
JPP Law Blog

- Case Studies and Reviews (9)
- Commercial Law (89)
- Dispute Resolution (27)
- Employment Law (118)
- Intellectual Property (2)
- Start-ups (20)
- Videos (8)
- 2021 February (1)
- 2021 January (1)
- 2020 December (1)
- 2020 November (2)
- 2020 October (2)
- 2020 September (2)
- 2020 August (1)
- 2020 July (3)
- 2020 June (1)
- 2020 May (3)
- 2020 April (1)
- 2020 March (2)
- 2020 February (2)
- 2020 January (2)
- 2019 December (2)
- 2019 October (1)
- 2019 September (5)
- 2019 July (3)
- 2019 June (2)
- 2019 May (2)
- 2019 April (3)
- 2019 March (2)
- 2019 February (2)
- 2019 January (2)
- 2018 December (2)
- 2018 October (4)
- 2018 September (12)
- 2018 February (6)
- 2018 January (7)
- 2017 December (2)
- 2018 July (14)
- 2018 June (2)
- 2018 May (13)
- 2018 April (8)
- 2018 March (11)
- 2017 November (6)
- 2017 October (12)
- 2017 September (14)
- 2017 July (7)
- 2017 June (10)
- 2017 May (6)
- 2017 April (4)
- 2017 March (11)
- 2017 February (6)
- 2017 January (1)
- 2016 December (2)
- 2016 September (4)
- 2016 July (1)