General Data Protection Regulation
The GDPR has been in force since 2018 and aims to ensure that all firms processing personal data of EU individuals observe all six GDPR principles. Additionally, it requires that the same firms are able to demonstrate their compliance with the six principles through an accountability framework. Failure either to follow the GDPR principles or to demonstrate that they are followed will bring heavy fines ranging between 2-4% of the annual turnover. We are here to help you satisfy both of these requirements.
Laven can help new and start-up firms with all aspects of their data privacy compliance obligations. We can help build strong, robust Data Protection policies that will scale with your business and ensure you are not caught out later down the line.
Laven has an experienced team of Data Privacy experts on hand to provide firms with:
The majority of existing firms we encounter have some policies and procedures in place, but they are either not extensive enough or not clear enough to staff, which renders them ineffective. Laven can perform a full review of your current GDPR policies and provide updates and recommendations where necessary. We can also provide you with:
Laven will assist your firm in the analysis of the type of data it manages and processes as well as how information is transferred across jurisdictions. The analysis is a key requirement of the GDPR under Article 30. Further, we can assist organisations with gap assessments aiming to analyse all of their data processing activities and their impact on the protection of personal data.
Our analysis reviews the ways your Firm currently processes and manages data and breaks down each process and client data collection point, the corresponding workflow, and where these need to be adapted for GDPR. Our review includes reading your policies or related procedures as well as staff and departmental interviews. We then advise on action points, and on how to update and/or create policies in order to comply with the GDPR. You can also purchase an Excel-based template assessment report to carry out your own assessment.
Laven may create or update your policies to achieve GDPR compliance. We will involve team members from relevant departments, focusing on those responsible for data protection, such as the compliance officer or chief information officer, to ensure that all of the Firm's processes are captured within the policy documents. See GDPR Accountability Toolkit for easy storage.
If your Firm needs a standalone Privacy Notice, we have a comprehensive set of templates that can be tailored to suit your firm. A Privacy Notice provides individuals with clear and transparent information on how your Firm processes their personal data in accordance with Articles 13 and 14 GDPR. Laven will create bespoke privacy notices to address your client base and employees which will highlight your compliance with the requirements of the GDPR principles of lawfulness, fairness and transparency.
Once you have all the appropriate documentation in place, the GDPR also requires firms to demonstrate compliance and accountability through record keeping. Laven Tech provides you with a ready-to-go GDPR Accountability Framework and streamlines the process of monitoring and record keeping in line with the regulation.
Your Firm must ensure that the personnel working with personal data are trained appropriately in this area. The Privacy by Design principle expressed in Article 25 of the GDPR requires the Firm to implement appropriate technical and organisational measures to ensure security for any Personal Data. Training is a key part of that. Further, the GDPR aims to change the culture around the handling of Personal Data within organisations, and that is impossible without effective training.
Laven offers other regulatory online training courses.
Laven will help you determine who can be your Data Protection Officer ('DPO') or specify the role and responsibilities of your privacy officer, including one-on-one coaching for any incoming or existing roles to ensure that they understand the extent of their responsibilities.
We offer EU representative (EuroRep) services to non-EU firms, enabling proactive GDPR compliance with little to no interruption. EuroRep will be your Representative in all European member states, and the point of contact for customers and authorities in the EU regarding privacy. If you are an EU-based company and hold data on UK citizens, the Information Commissioner's Office (ICO) will require you to have a UK Data Representative.
We have a long history of data privacy expertise and work openly with specialised consultants to ensure our clients' peace of mind.