The General Data Protection (GDPR) introduced the new principle of accountability, which requires data controllers to be able to demonstrate their compliance with the obligations imposed by the GDPR.
One of the key ways in which this is achieved is for all businesses and organisations to have appropriate policies and documentation in place.
We regularly draft and review data protection policies for our clients, including:
- data protection compliance policies
- customer-facing and internal-facing privacy policies
- data subject request policies
- data retention policies, and
- data breach incident response plans.
We also help clients ensure that they are aware of the practical steps which need to be taken to ensure that policies are successfully put into practice, rather than being forgotten about.
We have assisted a broad range of businesses to put in place appropriate GDPR policies and documentation, including innovative fintech and adtech companies, financial and professional services firms including UK and US law firms, and multinational businesses in the UK, as well as international organisations.