Advising on the practical implications of GDPR, assessing data that you hold, personal data, data minimization, subject access requests (SARs), data transfers and data portability, breach management and risk analysis.
Advising on internal policies, staff handbooks and training requirements under new data protection obligations.
Managing data controller / data processor relationships – contractual obligations, communications and recommended best approach, including outsourcing and cloud services.
Advice to Data Processors on their enhanced obligations and potential liabilities under GDPR; managing data controller and data processor relationships and contractual obligations.
Reviewing data protection provisions in commercial contracts – see contract advice.
Reviewing data protection provisions in corporate transactions, including under share and asset sales – warranties, disclosure, due diligence and financial/indemnity risks.
Data protection notices, privacy policies, cookie policies, advice in relation to consent, marketing and data capture – see Online Trading and E-Commerce
Advising in relation to online trading, e-commerce and in particular the requirements under the Electronic Commerce (EC Directive) Regulations 2002, plans for a new E-commerce regulation and the Digital Economy Act 2017 – again see Online Trading and E-Commerce.
Advising marketeers on best practice, data capture, opt-in and (prohibited) opt-out consent, including how to handle bought-in lists and consent, under the Privacy and Electronic Communications (EC Directive) Regulations 1993.