• Twitter Social Icon
  • LinkedIn Social Icon

Transition Law is a compliant business under GDPR & UK Data Protection Law. Click the S.H.I.E.L.D to verify our status

SHIELD Transparent.png

©2019 by Transition Law.

Transition Law is a Data Controller under the provisions of the
Data Protection Act. Our ICO Registration Number is: ZA298185

End to End

Data Protection & GDPR Legal Services

 
Contract

Introduction

 

GDPR and Data Protection Compliance is a legal requirement for all businesses.

 

In the same way that Vehicle Insurance is not optional, all businesses of any size must be compliant with GDPR and be able to demonstrate they are to the Information Commissioners Office (ICO), the public and their Suppliers and Trading Partners in Business.

 

Some business owners are surprised when a supplier or a customer asks them if they are GDPR compliant but they shouldn’t be. The Supplier or Contractor has a legal duty to make the enquiry and for a customer they are simply showing they are smart enough not to give their money or personal data to a business that can’t be trusted with it!

 

 

A)         FREE GDPR Legal Advice

 

              Failure to have Data Protection procedures or to follow them are offences for which the owner can be heavily 

              fined, get a Criminal record and be named and shamed on the ICO Website.

 

1)            Often business owners are unaware of the impact of GDPR on their business and those that do know about it

               rarely know what to do to protect themselves.

 

2)            Transition Law offers completely FREE GDPR Legal Advice to any business owner using our time tested and

               proven 1,2,3, system

 

               i) FREE Telephone Advisory Service – A 20-30 minute telephone call with an experienced GDPR legal advisor.

             ii) FREE Bespoke Legal Advice – GDPR is all about creating policies and procedures which have been created                especially for your business. Copying & Pasting someone else’s won’t do and is illegal.

               iii) FREE Written Business Assessment Report. Following the telephone call, we email you a written report on  

               the current GDPR status of your business and a step by step list of what you have to do to achieve compliance.

 

3)            Full Details of the Free Advice 1,2,3 system are available on our A5 ‘Small Business Owners’ Card and on our

               Legal Services page HERE.

 

 

B)         Funding Your Compliance

 

Having established the needs of each business and explained the legal necessity of compliance, most owner’s minds turn to the cost of meeting them.

 

GDPR compliance is something that can be achieved ‘in house’ but the specialist legal knowledge required to write compliant documents that will stand up to scrutiny is often not available and hiring trained Data Protection staff is usually prohibitively expensive.

 

1)            Transition Law offers a full GDPR & Data Protection compliance package aimed at SMEs but fully scalable to 

               accommodate any size of business large or small.

 

2)            We have searched the marketplace for Grant funding related to achieving Data Protection compliance without

               success. Grant funders consider they will not pay for things a business is required to do by Law.

 

3)            Transition Law has managed to arrange Business Angel Funding which can be used for achieving GDPR 

               compliance in the form of 100% Match Funding.

 

               To access the Match Funding a business must fit the following criteria:

 

                i)             The Business must have been formed and be based in the UK.

                ii)            The Business must be able to register with the ICO at Tier 1 or Tier 2.

                         

                Plus ONE or more of the following:

                               

                                a)            Be a Member of a UK Chamber of Commerce.

                                b)            Be referred for funding through a UK Business Growth Hub.

                                c)            Operate in a Business Improvement District (BID).

                                d)            Has fewer than 10 Employees.

                                e)            Be a CQC registered care business.

                                f)             Be a Registered Charity.

                                g)            Be a Community Interest Company. (CIC)

                                h)            Be a ‘Not for Profit’ Company.

 

5)             Further details on 100% Match Funding available HERE.

6)            Once compliant, a business can use the fact to its advantage. Advertising their compliance puts a business

               ahead of non-compliant competitors.

 

7)            Compliance is an extremely useful marketing tool if the benefits of dealing with a compliant business are fully

               understood and communicated to prospects. We have seen compliant businesses gain large amounts of new

               work which they would not otherwise have been able to access.

 

 

 

C)         Transition Law S.H.I.E.L.D.

 

Differentiating a business which is compliant from one that is not can be a difficult task for consumers and Suppliers alike. Consequently, we have created a recognition and accreditation system for compliant businesses called Transition Law S.H.I.E.L.D.

 

1)            The SHIELD programme is Free of Charge to any compliant business. It can be used to demonstrate GDPR  

               compliance and set them apart from a non-compliant competitor. Drawing attention to their SHIELD

               membership will greatly improve public confidence in them as a business and create opportunities for new 

               business which is only available to compliant firms.

 

2)            Every SHIELD Holder is allocated a page on the Transition Law SHIELD Web portal which they can link to their

               own website. The business can also use the SHIELD logo on their website, emails and business stationery.

 

3)            As a SHIELD Holder the business can access Member benefits such as a Legal Helpline for Data Protection

               queries, Compliant Marketing advice to keep them safe and legal along with help for responses to Subject

               Access Requests and Data Breaches, should one occur.

 

4)            Full details of membership are available in the Membership Booklet HERE.

 

 

 

D)           Data Protection Training

 

1)            One of the primary tasks for compliance in GDPR and Data Protection is to ensure all staff members are

               trained in the protocols. This is especially important where the staff are customer facing because they can be

               the recipient of a Data Protection Statutory Enquiry, known as a Subject Access Request.

 

2)             A Subject Access Request can arrive in any form, including verbal, they are time limited and If the staff don’t

                know what it is or how to deal with it, they can cause the business to pass the allotted time for a response and

                risk being reported to the ICO or even fined.

 

3)             Transition Law has developed a series of workshop presentations for GDPR training which are suitable both 

                for business owners and staff. The presentations are tailored to the bespoke needs of the business and can run

                from an hour up to a full weekend of interactive ‘Bootcamp’ activities.

 

4)             Using bespoke packages for staff training demonstrates a ‘Culture of Compliance’ within your business which

                the ICO investigators will be looking for should the business become subject to an official Audit following a

                Data Protection Complaint.

 

5)              Data Breaches under GDPR must follow a self-reporting system, where the business is required to send

                 notification of the Data Breach to the ICO within 72 Hours. The initial report is done Online.

 

                 NB: It is not possible to report a Data Breach without answering questions about the training any relevant

                 staff members have received.

 

6)              It is of the highest importance that staff training includes sufficient elements of Data Protection Law and

                 practice so that all staff recognise their responsibilities under the Regulations.  At the very least, staff should

                 understand what is required of them in Law, be able to recognise a data Breach and a Subject Access Request

                 along with the timescales businesses have for responding to each. Any training session should make clear to

                 staff the financial penalties available both to themselves personally and the business itself.

 

7)              Company Directors should be aware that the ‘Veil of Incorporation’ often provides no protection in GDPR

                 prosecutions. The ICO have established a procedure of issuing fines to Companies and waiting to see if the

                 Company attempts to voluntarily wind up its affairs. If this occurs they issue a High Court injunction

                 to prevent the winding up and subsequently make an application for the Director(s) to be disqualified, so

                 they cannot simply open a new Company and carry on as before.

 

                 NB: Recent figures released by the ICO state that so far they have disqualified 16 Directors for a total of over

                 100  years. They announced this as having ‘reached a Century’.

 

8)              The ICO has the power to fine a business a maximum of 4% of its turnover or 20 Million Euros whichever is

                 more. Fines for UK SME businesses during the last 12 months have mostly been in the £40,000 - £180,000

                 range but with some larger businesses being fined substantially more.

                

                  E.g. British Airways £183 Million and Marriott hotels £99 Million.