Linkedin IconInsta Icon

Should you require any advice regarding compliance 1 year on from GDPR please contact the CooperBurnett Solicitors LLP Commercial team.

Associate Solicitor, Thomas Newlyn, looks at the legal steps CooperBurnett LLP has advised on in the past year since the implementation of the General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA 2018).

Whilst the list is non-exhaustive, CooperBurnett LLP has advised local businesses, organisations and charities on a number of legal documents in the past year, including privacy policies, terms and conditions and data processor agreements. 

Privacy Policy

A privacy policy sets out the information that the GDPR specifies you need to tell individuals when your business is collecting personal data from them. Certain information to be provided is mandatory whilst, in other instances, the information to be provided depends on the particular circumstances of your business and how and why an individual’s personal data is used. 

Information that should always be provided in a privacy policy includes the name and contact details of your organisation/business, the purposes of the processing, the lawful basis for the processing, the retention periods for the data, the rights available to individuals in respect of the processing and the right to lodge a complaint with a supervisory authority. Information that may be provided (if relevant) includes the contact details of your business’ data protection officer, the recipients of personal data and details of transferring data to third countries or international businesses. 

CooperBurnett LLP has both effectively advised businesses on their privacy policies and drafted new privacy policies during the past year. 

Terms and Conditions

A business’ terms and conditions are important because they set out the contractual relationship between a business and its customers. Your business’ standard terms and conditions need regular review to ensure they take account of business changes undertaken or legislative changes. 

During the past year, CooperBurnett LLP has reviewed numerous businesses’ terms and conditions to advise not only on compliance with the new data protection laws (GDPR and DPA 2018) but also other legislative changes. 

Data Processor Agreements

The GDPR makes it clear that whenever a data controller (individual who determines the use of personal data) uses a data processor (individual who processes the personal data on behalf of the controller), there must be a written agreement in place. In addition, the GDPR sets out what is to be included in the agreement. 

The agreement should include the subject matter of the processing, its nature and purpose, its duration, the controller’s obligations and rights, the types of personal data and the categories of data subject. 

CooperBurnett LLP has also advised on the implementation of other policies, including data retention and destruction policies and social media policies and has provided advice on practical steps your business should take in order to be compliant with the GDPR and the DPA 2018.

Should you require any advice regarding compliance and/or the steps your business should be taking one year on from the implementation of the GDPR and the DPA 2018, please contact a member of the CooperBurnett LLP Commercial team on tel: 01892 515022.

featured Categories:


May 28, 2019
Get In Touch


Related articles you might like...

We use basic cookies to enhance your experience. By continuing to visit this site you agree to our use of cookies. More info