Are You Ready For The GDPR?
Anyone in business in the UK who collects or processes data from European Union citizens needs to be aware of the General Data Protection Regulations (GDPR) which come into force on 25th May 2018.
Whether you are a business owner holding a Tier 2 or 5 Sponsor Licence, a director of a company on a Tier 1 Entrepreneur Visa, or a freelancer having entered the UK on a Tier 1 Exceptional Talent Visa, not only must you be up to speed with the changes the GDPR will bring, but your organisation must be fully compliant before they come into force.
OTS Solicitors is a highly-ranked Legal 500 law firm and has years of experience in Immigration Law. Our London-based immigration solicitors can provide companies and individuals with the best advice on the requirements of the GDPR and how to achieve compliance.
What is the GDPR?
The GDPR is an EU directive which was passed on 24th May 2016. The reasons for changing the law are two-fold: 1) to bring the law surrounding data protection up to date with the ubiquitous use of social media and cloud computing, and 2) to create a uniform regime across the entire EU, a move that is expected to save businesses collectively €2.3 billion per year.
All controllers and processors of data must comply with the GDPR. Failure to do so can result in a fine of €20 million or 4% of global annual turnover – whichever is higher. A data controller is an individual who determines how and why personal data is to be processed, and a processor is someone who does the actual processing.
The British government has made it clear that the GDPR will continue to apply post-Brexit. And it is not only businesses that will be affected. Charities, NGOs, local government and healthcare providers will all need to ensure they are fully compliant with the incoming regulations. Tier 1 Entrepreneur Visa holders who plan to invest in a start-up need to be aware that new ventures must be compliant with the GDPR from day one.
The Information Commissioner’s Office (ICO) will be responsible for enforcing the GDPR in the UK.
The GDPR contains six general principles as laid out in Article 5, which directs that all data must be:
- Processed fairly, lawfully and transparently;
- Collected for specified legitimate purposes only;
- Adequate, relevant and limited to what is necessary in relation to its purpose;
- Accurate and kept up to date;
- Stored for no longer than is necessary; and
- Processed in a way that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage.
How to achieve GDPR compliance?
The most important first step to GDPR compliance is to conduct a full audit of all your data, establishing what your organisation currently holds, where it is kept and who has access to it. Any weaknesses in your data protection policies and procedures should be identified and dealt with.
You will need to ensure that the personal data your organisation collects is gathered legally and within strict legal guidelines. When processing the data, make sure it is protected from misuse and/or hacking and is available to its owner if requested.
Each business will have its own method for achieving GDPR compliance as there is no ‘one size fits all’ model available.
The ICO states: "You are expected to put into place comprehensive but proportionate governance measures. Ultimately, these measures should minimise the risk of breaches and uphold the protection of personal data. Practically, this is likely to mean more policies and procedures for organisations, although many organisations will already have good governance measures in place."
After making a detailed review of the data held, your organisation should take the following steps to meet compliance:
- Appoint a Data Protection Officer (DPO). This is a requirement under the GDPR if you:
  - are a public authority (except for courts acting in their judicial capacity);
  - carry out large-scale systematic monitoring of individuals (for example, online behaviour tracking); or
  - carry out large-scale processing of special categories of data or data relating to criminal convictions and offences.
Even if you are not required to appoint a DPO, it is good practice to have someone in charge of data protection who will ensure your organisation reaches compliance and continues to comply with the regulations going forward.
- Communicate GDPR requirements throughout your business. Make sure those who are processing data understand the new legal framework. For example, if your marketing team is collecting and processing data to conduct direct marketing campaigns, they must be aware of the GDPR requirement that consent to use data must be clearly and expressly provided by the owner. This is likely to be best achieved by adopting a policy of ‘opt-in’ consent from May 2018 rather than ‘opt-out’, the model which many companies currently use*.
- Make sure all your organisation’s data, whether contained on a mobile device or a personal computer, reaches a central location for storage. One of the primary GDPR requirements is that any data breach must be reported to the ICO within 72 hours of you becoming aware of it, if the breach is likely to result in a risk to people’s rights and freedoms. If your business is a multi-national with several servers and individuals storing data on individual devices, tracking down where the breach occurred and who has been affected can be like trying to find a needle in a haystack. Although the ICO will not expect a full-scale report immediately following a breach, it will want details of the likely scope and the reason for the breach, mitigation actions you plan to take, and how you will address the problem. Having data stored in a centralised system (taking care to encrypt it) can save valuable time if a breach occurs. In addition, data owners will be able to demand access to their data and for it to be erased from your system under the GDPR. This is much easier to achieve if everyone knows where all the data relating to an individual is kept.
In summary
Preparation for the GDPR should be on the radar of all companies before we move into 2018. And if you plan to move to the UK in the New Year to join an existing business or launch a start-up, it is crucial that you understand the compliance requirements.
* An example of an ‘opt-out’ clause is “Please tick if you do not wish to receive updates on our latest offers and products.”
OTS Solicitors is one of the most respected immigration law firms in London and is a Legal 500 leading firm. By making an appointment with one of our business immigration solicitors, you can be assured of receiving some of the best legal advice available in the UK today. Please contact us on 0207 936 9960.