End to End
Data Protection & GDPR Legal Services
GDPR and Data Protection Compliance is a legal requirement for all businesses.
In the same way that Vehicle Insurance is not optional, all businesses of any size must be compliant with GDPR and be able to demonstrate that they are to the Information Commissioner’s Office (ICO), the public and their Suppliers and Trading Partners in Business.
Some business owners are surprised when a supplier or a customer asks them if they are GDPR compliant, but they shouldn’t be. The Supplier or Contractor has a legal duty to make the enquiry, and a customer is simply showing they are smart enough not to give their money or personal data to a business that can’t be trusted with it!
A) FREE GDPR Legal Advice
Failing to have Data Protection procedures and failing to follow them are offences for which the owner can be heavily fined, get a Criminal record and be named and shamed on the ICO Website.
1) Often business owners are unaware of the impact of GDPR on their business, and those that do know about it rarely know what to do to protect themselves.
2) Transition Law offers completely FREE GDPR Legal Advice to any business owner using our time-tested and proven 1,2,3 system:
i) FREE Telephone Advisory Service – A 20-30 minute telephone call with an experienced GDPR legal advisor.
ii) FREE Bespoke Legal Advice – GDPR is all about creating policies and procedures which have been created especially for your business. Copying & Pasting someone else’s won’t do and is illegal.
iii) FREE Written Business Assessment Report. Following the telephone call, we email you a written report on the current GDPR status of your business and a step by step list of what you have to do to achieve compliance.
3) Full Details of the Free Advice 1,2,3 system are available on our A5 ‘Small Business Owners’ Card and on our Legal Services page HERE.
B) Funding Your Compliance
Having established the needs of each business and explained the legal necessity of compliance, most owners’ minds turn to the cost of meeting them.
GDPR compliance is something that can be achieved ‘in house’ but the specialist legal knowledge required to write compliant documents that will stand up to scrutiny is often not available and hiring trained Data Protection staff is usually prohibitively expensive.
1) Transition Law offers a full GDPR & Data Protection compliance package aimed at SMEs but fully scalable to accommodate any size of business, large or small.
2) We have searched the marketplace for Grant funding related to achieving Data Protection compliance without success. Grant funders consider they will not pay for things a business is required to do by Law.
3) Transition Law has managed to arrange Business Angel Funding which can be used for achieving GDPR compliance in the form of 100% Match Funding.
To access the Match Funding a business must fit the following criteria:
i) The Business must have been formed and be based in the UK.
ii) The Business must be able to register with the ICO at Tier 1 or Tier 2.
Plus ONE or more of the following:
a) Be a Member of a UK Chamber of Commerce.
b) Be referred for funding through a UK Business Growth Hub.
c) Operate in a Business Improvement District (BID).
d) Have fewer than 10 Employees.
e) Be a CQC registered care business.
f) Be a Registered Charity.
g) Be a Community Interest Company (CIC).
h) Be a ‘Not for Profit’ Company.
5) Further details on 100% Match Funding available HERE.
6) Once compliant, a business can use the fact to its advantage. Advertising their compliance puts a business ahead of non-compliant competitors.
7) Compliance is an extremely useful marketing tool if the benefits of dealing with a compliant business are fully understood and communicated to prospects. We have seen compliant businesses gain large amounts of new work which they would not otherwise have been able to access.
C) Transition Law S.H.I.E.L.D.
Differentiating a business which is compliant from one that is not can be a difficult task for consumers and Suppliers alike. Consequently, we have created a recognition and accreditation system for compliant businesses called Transition Law S.H.I.E.L.D.
1) The SHIELD programme is Free of Charge to any compliant business. It can be used to demonstrate GDPR compliance and set the business apart from a non-compliant competitor. Drawing attention to their SHIELD membership will greatly improve public confidence in them as a business and create opportunities for new business which is only available to compliant firms.
2) Every SHIELD Holder is allocated a page on the Transition Law SHIELD Web portal which they can link to their own website. The business can also use the SHIELD logo on their website, emails and business stationery.
3) As a SHIELD Holder the business can access Member benefits such as a Legal Helpline for Data Protection queries, Compliant Marketing advice to keep them safe and legal, along with help for responses to Subject Access Requests and Data Breaches, should one occur.
4) Full details of membership are available in the Membership Booklet HERE.
D) Data Protection Training
1) One of the primary tasks for compliance in GDPR and Data Protection is to ensure all staff members are trained in the protocols. This is especially important where the staff are customer facing because they can be the recipient of a Data Protection Statutory Enquiry, known as a Subject Access Request.
2) A Subject Access Request can arrive in any form, including verbal, and is time limited. If the staff don’t know what it is or how to deal with it, they can cause the business to pass the allotted time for a response and risk being reported to the ICO or even fined.
3) Transition Law has developed a series of workshop presentations for GDPR training which are suitable both for business owners and staff. The presentations are tailored to the bespoke needs of the business and can run from an hour up to a full weekend of interactive ‘Bootcamp’ activities.
4) Using bespoke packages for staff training demonstrates a ‘Culture of Compliance’ within your business which the ICO investigators will be looking for should the business become subject to an official Audit following a Data Protection Complaint.
5) Data Breaches under GDPR must follow a self-reporting system, where the business is required to send notification of the Data Breach to the ICO within 72 Hours. The initial report is done Online.
NB: It is not possible to report a Data Breach without answering questions about the training any relevant staff members have received.
6) It is of the highest importance that staff training includes sufficient elements of Data Protection Law and practice so that all staff recognise their responsibilities under the Regulations. At the very least, staff should understand what is required of them in Law and be able to recognise a Data Breach and a Subject Access Request, along with the timescales businesses have for responding to each. Any training session should make clear to staff the financial penalties available both to themselves personally and the business itself.
7) Company Directors should be aware that the ‘Veil of Incorporation’ often provides no protection in GDPR prosecutions. The ICO have established a procedure of issuing fines to Companies and waiting to see if the Company attempts to voluntarily wind up its affairs. If this occurs, they issue a High Court injunction to prevent the winding up and subsequently make an application for the Director(s) to be disqualified, so they cannot simply open a new Company and carry on as before.
NB: Recent figures released by the ICO state that so far they have disqualified 16 Directors for a total of over 100 years. They announced this as having ‘reached a Century’.
8) The ICO has the power to fine a business a maximum of 4% of its turnover or 20 Million Euros, whichever is more. Fines for UK SME businesses during the last 12 months have mostly been in the £40,000 - £180,000 range, but with some larger businesses being fined substantially more.
E.g. British Airways £183 Million and Marriott hotels £99 Million.