How can we help?


Compliance with the data protection regime is an ongoing process. Once a business has become compliant, it must continue to monitor, adapt and update its processes to demonstrate that it has remained compliant. Buckworths Compliance provides services to bring a business to a state of compliance and then to assist it with maintaining compliance thereafter.


Becoming compliant


Data Protection Impact Assessment (DPIA): We undertake a DPIA (essentially an audit) which can be carried out either during the startup phase (for new businesses), or as part of becoming compliant with GDPR (for existing businesses).

Implementation: On completion of the DPIA, Buckworths Compliance provides a report summarising the information collected and providing recommendations in three areas: legal, compliance and technical. This report is the starting point for evidencing steps taken to become compliant.

Buckworths Compliance implements the compliance recommendations (which may include putting in place policies and procedures) and Buckworths (our sister law firm) implements the legal recommendations (which may include amendments to the privacy policy and amending data protection clauses in supplier, customer and processor agreements). We can assist your tech team, or can recommend highly qualified third parties to help with implementation of any technical recommendations.


Maintaining compliance


Once the recommendations in the DPIA have been implemented, the business should be compliant with GDPR, or on its way to being compliant. However, maintaining compliance is an ongoing process.

DPO: Many businesses will be required to appoint a data protection officer (DPO), and those that are not required to do so will want to have access to regular advice and to carry out regular compliance health checks to ensure that the business remains compliant and that it can demonstrate compliance to the ICO. Buckworths Compliance provides an outsourced DPO service as well as a lighter-touch quarterly review service. Both services are designed to assist a business with demonstrating compliance with GDPR.

Training: A key obligation of GDPR is to ensure that all staff are appropriately trained in GDPR and its implications for your business. Buckworths Compliance provides generic and tailored training for businesses to ensure that all staff know and understand their obligations. This takes the form of face-to-face training, online videos and seminars and online training.

DPIA for new services: Every time that a new service is introduced, an analysis must be undertaken to identify whether the service represents a high risk to the rights of data subjects. If (as is often the case) it does, a DPIA will need to be undertaken to identify the risks involved and recommend and implement measures to minimise the risk. Buckworths Compliance will carry out these audits for you.