The collection of data about customers, employees, prospects and competitors is something every business does all the time. It’s a key asset, and its use can bring significant benefits. Legal compliance regarding data has taken on a much higher profile following the introduction of more demanding data protection and privacy laws such as General Data Protection Regulation (GDPR). Whilst a breach can lead to a fine and brand or reputation damage, the legal framework also offers opportunity; data can be collected, stored and used entirely lawfully if care is taken.
The Ashfords team takes a pragmatic, business-orientated approach to data protection/privacy advice which seeks to solve issues, not complicate. Our team members have extensive experience working with household names through to start-up companies, including working in-house within the business.
The breadth of experience means that we can offer a full service across data protection and privacy matters:
- Electronic Marketing - Advising on E-marketing and data protection laws to ensure compliance in sending marketing and service communications to consumers.
- Website & App Compliance – Audit of website and app functionality to determine consent and notification requirements required for the business to effectively use customer data.
- Policies - Drafting and advising on cookie and privacy policies (including employee and recruitment policies) to ensure data can be used lawfully and for the required purposes within the business.
- Contract Review (Including Cross-Border Data Transfers) - Review of contractual clauses for commercial agreements, with specific focus on data migration and exit planning. Advising on contractual compliance issues for cross border / global data transfer services across a range of industries, including health, education and aviation.
- Privacy Programme Implementation / Management – Project management and implementation of information risk management processes, policies and procedures to ensure processing and storage of data is in accordance with applicable law and industry practice.
- Privacy By Design – Helping businesses to prepare data inventory, data flow mapping and advising on data minimisation strategy to ensure compliance with data protection regulation and legal / regulatory retention periods.
- Data Breach Response & Regulatory Investigation - Responding to regulatory investigation and preparation of incident response processes.
- Subject Access Requests - Advising on complex and sensitive data subject access requests received from individuals.
- Litigation – Advising and representing clients in defence against data protection incident / breach and also acting for claimants
Services can be tailored to suit the requirements for your business and provide the tools that you need to effectively run and manage information assets and personal data in a compliant manner and in line with industry best practice.
Cyber security and information law
We can advise you on the legal requirements required to ensure the availability, integrity and confidentiality of information, and to ensure its secure transfer, including the use of encryption technologies and advanced electronic signatures.
Information assurance and security
All businesses are dependent on the use of ICT and hold large volumes of valuable and commercially sensitive information that is at risk, whether from industrial espionage, financial fraud or human error. We can help ensure that you are protected from these risks by implementing internal policies and procedures, such as helping you to create a Breach Response Plan.