Search site
Our People
Contact our offices
Make an enquiry
How can we help?
The Privacy and Electronic Communications Regulations (PECR) provide people with specific privacy rights regarding the receipt of electronic communications.
There are specific rules on marketing calls, emails, text messages, cookies, surveillance and data gathering technologies, use of customer web traffic and location data, itemised billing, and use of directory listings. There are also rules about keeping communications services secure.
PECR is due to be updated very soon. It is expected that the updated regulations will be brought in-line with the GDPR so that the two sit together harmoniously. Financial penalties for breach of PECR are also expected to be consistent with the fines under the GDPR i.e. up to 4% of your annual global turnover for the preceding financial year or £18 million – whichever is greater – for a more serious infraction.
loading staff
Marketing and promotional activities are a central pillar for the vast majority of businesses. As a small business owner, you may engage in marketing yourself. Alternatively, if your business is larger, you may have a dedicated marketing department. Perhaps your business offers marketing services to others. Regardless of the circumstances, it is crucial for all businesses engaged in marketing to have good awareness of both the PECR and the GDPR.
If you would like to discuss the Privacy and Electronic Communications Regulations with our data privacy experts call us now on 0203 816 9274, alternatively please complete our online enquiry form and a member of the team will contact you directly.
We can assist with a wide range of specific services, including:
There’s a lot to think about when it comes to complying with data protection law…
We are here to take away the stress – allowing you to concentrate on your business.
Data Protection Officer (DPO) Services by Stephensons. Outsourced DPO services for business
One of our data protection experts can act as your DPO and handle everything from audits to staff training. As lawyers, we can also handle issues that many DPO’s can’t – such as defending legal claims and representing you at court.
Services included:
What are the advantages to outsourcing your DPO role to us?
*Cost of legal representation/litigation, commercial and employment law advice and services and advice and services from Stephensons Risk Management Ltd not included with this service.
If your organisation is looking to acquire another business or should you be planning to merge with another company, compliance with data protection law including the GDPR will be an important aspect of your due diligence. If you are looking to ensure that you or the company that you are interested in acquiring are compliant, we can assist you with a compliance audit. We can offer competitive fixed fee services for our compliance audits.
If you are currently preparing for the GDPR or if you are otherwise concerned about your organisation’s compliance with data protection laws, whether your policies and procedures are adequate, whether your staff have adequate training and whether your organisation may be vulnerable to a data breach, then we can help by reviewing your process and procedures. We can then advise you regarding the areas where you may be vulnerable and explain what you should do to minimise the risk.
As part of a data protection audit, we will visit you on-site and talk to you about your current procedures. We will review any current data protection policies you have and examine all areas where your organisation carries-out data processing activities. We will then provide you with a written report to show you the results and identify the areas where you may need to improve in order to be compliant.
If you are preparing for the GDPR, a data protection audit is the ideal starting point and is an essential step in demonstrating your compliance and conforming to the GDPR’s accountability principle.
Data protection impact assessments assist organisations to plan for significant changes by anticipating how planned changes might impact upon compliance with data protection laws and the legal rights of individuals when it comes to data privacy. They incorporate the “privacy by design” principle by putting data privacy compliance at the heart of new projects and ventures. They enable businesses to anticipate problems and avoid the costs that can come with non-compliance. Looking to the future, they will enable organisations to comply with the privacy by design requirements of the GDPR.
Situations where you should definitely conduct a data protection impact assessment include projects that will utilise new or upgraded technology or that involve any high risk processing i.e. processing that is likely to adversely affect the rights and freedoms of individuals. Examples included systematic and extensive processing, profiling, processing that will influence decisions relating to legal rights, large scale processing of sensitive personal data (known as “special categories” of data under the GDPR) or processing personal data relating to criminal convictions or offences and large scale systematic monitoring of public areas including the use of CCTV or other surveillance methods and systems.
If you are engaged in processing of this nature or if you are embarking on a new project, we can assist you with a DPIA and help you prepare properly.
Policies and procedures are a critical part of any organisation’s compliance with data privacy law. They are likely to be the first port of call for the ICO should there be an investigation. They are also likely to form an important part of defending any legal claims brought against your organisation relating to data privacy issues.
It is essential that you have adequate policies and procedures in place. The detail of your data protection policies will depend on the nature of your organisation and the types of data processing activities that you engage in. Depending on the nature of your business, you may have a number of policies relating to different aspects of data protection or a single policy covering up to 30 different aspects of data protection.
We can help you to identify what policies and procedures you should have in place – depending on the nature of your business and how to implement them. We can assist you with drafting, amending and updating policies where required as well as staff training.
The GDPR requires you to ensure that contracts and service user agreements with your third party processors make adequate provision for data privacy issues. You will be required to ensure that your agreements set out clearly the rights and obligations of each party. Ensuring that your agreements are up to date and property drafted will not only help you to ensure compliance with the GDPR, they will also assist you in seeking redress if a data processor mishandles data for which you are the data controller and in defending complaints and litigation brought by an individual for a data breach. This will be critical under the GDPR given that data controllers will be jointly responsible for data breaches committed by their data processors.
We can assist you with reviewing, drafting, amending and updating contracts, service level agreements and terms and conditions.
If you are not presently facing any complaints or legal claims but you are concerned about your organisation’s compliance with data protection laws and are looking for an indication as to whether you are compliant, contact us now for a health-check. We will talk to you about your current data processing and identify areas that you should address to improve compliance.
Staff training is an essential part of ensuring compliance with data protection law. The vast majority of data breaches occur due to human error. Training your staff regularly can help to ensure that your employees are aware of their obligations under the law and know how to spot potential problems. Being able to demonstrate that you have trained your staff properly is a crucial element of ensuring your compliance with the General Data Protection Regulation (GDPR) and is likely to be one of the first things that a regulator would want to see in the event of an investigation. We recommend that you train new staff on induction and provide regular refresher training to existing staff.
We can provide you with user-friendly, plain speaking and straight-forward training on all aspects of data protection law including the GDPR. We can provide longer, more in-depth sessions or short refresher sessions depending on your needs, however, all sessions are designed to be practical and easy to follow. We can provide you with bespoke training that is specific to your sector so that your staff receive practical guidance designed to assist them in their day-to-day roles.
If you have received a subject access request (SAR) and you are unsure about how to deal with it, then we can advise you. It is important to deal with such requests in accordance with the rules specified by the law. Failure to do so could lead to complaints and potentially fines being imposed. This could also leave you vulnerable to compensation claims being brought against your organisation via the courts. The rules regarding what information you have to provide in response to a SAR can be complex. We can advise you if you have received a SAR. We can also respond to the data subject on your behalf.
If a customer or client has made a complaint against your organisation concerning a breach of data protection, then we can help. We can advise you fully about how to deal with a complaint. We can advise you regarding the individual circumstances of the complaint and deal with the matter on your behalf. It is important to respond to complaints adequately and promptly. Failure to respond properly could result in further costly action being taken against your company.
If a complaint has been referred to the Information Commissioner’s Office (ICO), then we can help you with this. We can advise you fully regarding the complaint and what steps you should take. We can correspond with the ICO on your behalf.
If your organisation has breached data protection or if you’re concerned that a breach may have occurred, then we can assist you. We can advise you on how to contain the breach and what steps you should take immediately following a breach to minimise damage and prevent the breach from happening again. We can also advise you on when you are required to report a breach to the ICO and the data subject(s) affected.
We can advise you fully regarding each individual case and assist you in taking the appropriate action. If your organisation is sued or if you have received a letter from a customer, or a solicitor acting on their behalf, informing you that they intend to sue your company for an alleged breach of the Data Protection Act, misuse of private information or breach of confidence, then we can assist. We can advise you fully regarding the claim, how you might be able to defend against it and what you should do in response. We can write to complainants and their solicitors on your behalf and represent you at all stages in the case including any court proceedings and hearings.
We're Great
It is our business to deliver legal services that work for our clients, and you can trust our specialists to take care of things on your behalf.
The Financial Conduct Authority (FCA) PPI deadline of 29 th August 2019 is fast approaching. There has been widespread advertising both by the FCA and claims management companies advising consumers of the impending deadline. As such it is anticipated that...
Twitter block 1 tweet
SolicitorsLLP
A brace of wins for Stephensons at the Modern Law Conveyancing Awards
The national law firm, Stephensons, has won a brace of awards at this year’s Modern Law Conveyancing Awards . Stephensons collected awards for Property Team of the Year and Best Use of Technology and was Highly Commended in the Conveyancing...
Civil liberties reorder
