GDPR...a very tender question!

Since the dreaded GDPR deadline hit us last May, businesses are increasingly being held to account for how they manage personal data. Customers are also starting to take notice of their rights in managing and protecting their own personal data too. GDPR is here to stay, so being able to deal with the impact makes good business sense.

In particular you need to be prepared if your potential customers ask you to respond to RFPs or take part in other tender processes. You will likely start to see an increase in the questions relating to how you manage personal data and keep it secure, what activities and training you have undertaken to be GDPR compliant and how can you demonstrate this.

Relying on having carried out a review of your customer mailing list and recently updating your privacy notice is simply not enough. To understand the scrutiny you could face, here are some questions we have seen in recent procurement exercises:

Provide details of the exact technical and organisational measures which ensure your compliance with GDPR for all personal data that you hold.
Are all your staff fully trained in GDPR and other relevant data protection legislation? Please provide evidence of training content and attendance.
Provide details of the appropriate measures your organisation has implemented to secure its systems and data against internal and external threats and risks; and the process you take to continuously review and revise those measures to address ongoing threats and risks.

In order to provide evidence and details of the measures taken to ensure compliance, an organisation will have needed to go through a series of activities that will include:

Identifying a person responsible for data protection
Mapping all the types of personal data your organisation collects and uses
Identifying who accesses that information inside and outside of the organisation and ensuring systems and data are secure
Assessing how long information is legitimately held for
Determining the lawful basis for processing that data and the impacts of data loss

This is just the start, it is important to undertake a risk assessment to understand how data is stored and how it is kept secure and ensure you have the right physical and IT protection in place. With this information in hand, an organisation will be able to consider what policies they need to have in place or develop and what processes should be put in place to deal with issues such as data breaches and data requests from those whose information they may process. You will also need to train your staff to ensure they understand their responsibility to help you protect personal data.

If an organisation has worked through these stages, acted to improve security and compliance and documented this activity and training they will then have not only taken the necessary compliance steps but will be able to evidence this too when faced with such questions.

It is business critical for larger organisations to be GDPR compliant and this is filtering through their supply chain. So now whilst there is a perceived period of grace, it’s a good time to finish the process you may have started. Besides, demonstrating your compliance can position your brand as industry leading, help you stay ahead of competitors and will certainly help protect your business from the threat and risks of data loss or theft.

How we can help

If you’ve got all this covered then pat yourself on the back as it sounds like you’re on your way to being GDPR compliant. If not or if you have any questions send us an email today and we’ll happily discuss your needs in more detail.

You may want to consider using an online support tool like Astrid – specifically if you are just starting your compliance journey or if you have taken some steps but have not yet completed the process or need a good way to document what steps you’ve taken. Developed with SMEs in mind, the secure platform shows you what you need to do, and gives you the tools and information you need to improve your data protection, and become and remain compliant with the GDPR. This includes a secure portal in which to hold your data protection evidence and a training module enabling you to train, and evidence training of, staff. On completion of the compliance process, Astrid awards a certificate, giving you evidence to demonstrate your commitment to compliance to your employees, customers and other contacts. If you want to discuss this tool or any of your GDPR requirements again please get in touch.

What do our clients think?

Having an experienced lawyer as your single point of contact to manage legal matters effectively whilst providing pragmatic solutions is exactly what you get from LegalEdge
Legal & Compliance Officer - Distributed
LegalEdge’s practical approach to our day-to-day legal requirements has been second to none. I highly recommend their commercial contract support – it’s a game changer.
COO/CFO - Fluent Commerce
We’re very pleased with the work LegalEdge are doing for us. We’re getting quick and decisive responses that are really helping us move forward.
FINANCE & OPERATIONS DIRECTOR - DEPOP
Our original MSA was very one-sided and not favourable to us, with LegalEdge’s help getting this agreement in place we have significantly reduced the risk to the agency.
Operations Director – Contracts and Commercial, - The Social Element
LegalEdge has provided unparalleled legal support to our EMEA business as our in-house lawyers to help us negotiate our software license contracts successfully and quickly.
VP & GM EMEA - Wherescape
The Intellectual Property audit provided by LegalEdge was extremely thorough. Securing our IP is enabling us to scale confident that our brand is protected under the law.
Founder - Arishi
It’s not an understatement that the new contracts gave us a lot of confidence in negotiating. It sets the right tone with our clients that we know what we are doing.
Operations Director - OneSixOne
I don’t always need the technicalities of a matter; LegalEdge provide pragmatic solutions that help us to close the deal.
Co-founder - Lexonis
LegalEdge has provided excellent, commercially focused advice as part of our in-house legal team that has helped us close contracts with our customers and partners.
CEO - Diona
The fact that all their lawyers have worked inside businesses means they are commercial, pragmatic and know exactly how to prioritise what’s important.
COO - Squirro
Having made the decision to outsource our legal work, we have been extremely impressed by how quickly LegalEdge have quickly understood our business.
Commercial Director - The Social Element
LegalEdge understood our needs more than any traditional law firm had before: we were able to dip in and dip out of their services, they acted like a general counsel for us.
Co-Founder - Young Foodies
LegalEdge are awesome at taking complex ideas and turning them into simple contracts whilst streamlining processes to make it easy to do business.
Founder - Lola Tech, a DataArt company
The LegalEdge team just intuitively understood our business and needs, picked up the matters that needed dealing with, and ran with them.
General counsel - The Engine Group
Working with a professional squad like LegalEdge on the legal stuff means, as CFOs, we can focus on what we’re good at – the numbers!
Founder - Emergeone
LegalEdge were brilliant from start to finish in helping us to develop a proper brand strategy and implementing it.
CEO - Placemake.io
LegalEdge have been fantastic advisers to our business. Between shareholder agreements & fundraise, Trademark & IP, and commercial agreements, we deeply value their guidance.
Co-Founder - Days Brewing
Having worked closely with LegalEdge I have no hesitation in recommending them to any business requiring smart, articulate and professional legal counsel.
Founder - Low Carbon Group
Working with LegalEdge has been a breath of fresh air! They have provided a unique, entrepreneurial approach to legal services within a rapidly growing organisation.
COO and Co-Founder - hybris GmbH (now a SAP company)
The support we have received has been first class – from day one. LegalEdge have gone above and beyond to truly understand our business.
Director EMEA Operations - Stella & Dot
The ideal solution for the busy in-house counsel who is unable to add a permanent head as you have the ability to flex support without the need to rely on expensive law firms.
Vice President and EMEA Managing Counsel - World-Check [now Thomson Reuters]
LegalEdge’s experience has proven invaluable as they have picked up, negotiated and completed contracts with commercial aptitude.
Group Counsel - Funding Circle
What sets LegalEdge apart is that they focus on problem solving and keeping issues in perspective. They know and understand our business and the array of legal issues we face.
Partner - Portal Tech Reply
As our trusted go to lawyers for complex contract queries and negotiations, LegalEdge know how to focus on the things that matter and to get deals done.
Commercial Director - Connect Managed
The Oxial team was very impressed with the quality of the contracts that the LegalEdge team produced for our business and with their responsive and collaborative approach.
COO - Hammer Team & Oxial

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_32854648_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

By LegalEdge News Sep 13, 2018

GDPR…a very tender question!

What do our clients think?

Contact

Navigate Site

Stay In Touch