Data Protection Consultancy

There are three pieces of legislation which form the basis of the data protection rules in the UK, the General Data Protection Regulation (GDPR) which came into force in 2018, the Data Protection Act (DPA) 2018, and the Privacy and Electronic Communication Regulation (PECR).

The regulations are detailed and complicated and the way they impact on one another can be difficult to understand. Add in industry specific laws and requirements, and things can feel very confusing.

We cut through the complexity to make things simpler for your business, helping you make sense of the things you need to do to protect it.

IOLIS helps you incorporate effective data protection into everything you do, including your organisational culture and policies.

Under GDPR and the DPA 2018, people have the right to know what personal information your organisation holds about them.

They can submit a Subject Access Request (SAR) asking for copies of the data and ask you for the legal basis for holding it, how long you’ll keep it, and other details about what happens to it.

This can include requests from customers, potential customers, suppliers, members, employees, and ex-employees.

It can also include people with whom you have a dispute, such as former employees. As more people understand their rights, the number of SARs is growing, too.

So, should you send the information or not? Will it cause more problems later? What happens if the data mentions other people?

The answers to all these questions depend on the exact information and circumstances and getting specialist, experienced advice will help you avoid potential pitfalls.

IOLIS gives you all you need to fulfill your legal duties on SARs without damaging your business or its reputation unnecessarily. We’ll also help you avoid being the subject of a complaint to the ICO.