Data security

The obligation is ensure personal data are processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

You have to use appropriate technical and organisational measures to achieve that data security. Where an organisation’s computer systems are hacked, it is usually as a result of a failure to meet this obligation. 

To support data security, the GDPR also restricts transfers of personal data outside the EU and requires a whole raft of provisions to be included in any contract under which personal data are processed by one organisation on behalf of another. This requirement applies to all contracts in force beyond 25 May 2018 (irrespective of whether they were entered into before or after that date).

Practical steps to take now

  1. Review who in your organisation has access to records containing personal data (particularly any records containing special categories of personal data) and determine whether it necessary for everyone who currently has access to retain it.
    Consider whether pseudonymisation and encryption of personal data would be sensible – the GDPR and accompanying guidance published to date refer specifically to this.
  2. Plan staff training updates to emphasise the importance of data protection within your organisation.
  3. Ensure any contracts that your organisation has where personal data are transferred to another organisation – which happens where you use a cloud-based software system, for example – are GDPR-compliant (see the information on mandatory provisions for data processing contracts).  
  4. Download our checklist  on mandatory provisions for data processing contracts to ensure you are fully compliant with the regulations.

Main contacts

Contact one of our lawyers to discuss your GDPR concerns.

  • Gary Attle

    Gary Attle

    Partner

    • +(44)(0)1223 222394
    • Email Gary

      Contact Gary Attle

      * = required

       
       
         
       

      Mills & Reeve will use the information you provide in this form in accordance with our privacy policy. We may from time to time send you general updates by email or post that we think you will find of interest. This includes notification of upcoming event and updates or alerts containing relevant legal news. You can update your preferences at any time and will be able to easily unsubscribe from anything that you do not wish to receive.

      Thank you

      Thank you for your enquiry. We will be in touch shortly.

    • Cambridge
  • Richard Sykes

    Richard Sykes

    Partner

    • +(44)(0)121 456 8436
    • Email Richard

      Contact Richard Sykes

      * = required

       
       
         
       

      Mills & Reeve will use the information you provide in this form in accordance with our privacy policy. We may from time to time send you general updates by email or post that we think you will find of interest. This includes notification of upcoming event and updates or alerts containing relevant legal news. You can update your preferences at any time and will be able to easily unsubscribe from anything that you do not wish to receive.

      Thank you

      Thank you for your enquiry. We will be in touch shortly.

    • Birmingham
  • Peter Wainman

    Peter Wainman

    Partner

    • +(44)(0)1223 222408
    • Email Peter

      Contact Peter Wainman

      * = required

       
       
         
       

      Mills & Reeve will use the information you provide in this form in accordance with our privacy policy. We may from time to time send you general updates by email or post that we think you will find of interest. This includes notification of upcoming event and updates or alerts containing relevant legal news. You can update your preferences at any time and will be able to easily unsubscribe from anything that you do not wish to receive.

      Thank you

      Thank you for your enquiry. We will be in touch shortly.

    • Cambridge
  • Paul Knight

    Paul Knight

    Partner

    • +(44)(0)161 234 8702
    • Email Paul

      Contact Paul Knight

      * = required

       
       
         
       

      Mills & Reeve will use the information you provide in this form in accordance with our privacy policy. We may from time to time send you general updates by email or post that we think you will find of interest. This includes notification of upcoming event and updates or alerts containing relevant legal news. You can update your preferences at any time and will be able to easily unsubscribe from anything that you do not wish to receive.

      Thank you

      Thank you for your enquiry. We will be in touch shortly.

    • Manchester
Mills & Reeve Sites navigation
A tabbed collection of Mills & Reeve sites.
Sites
My Mills & Reeve navigation
Subscribe to, or manage your My Mills & Reeve account.
My M&R
Register or login

Register or login Get all the benefits of MyM&R but registering or logging in ulla vehicula mauris mattis hendrerit fermentum. Etiam placerat hendrerit dapibus. Praesent ligula felis, eleifend sed odio quis, feugiat eros. Aliquam vitae felis fermentum, posuere nulla ut, maximus magna.

Staff intranet
Log in to the intranet
Client extranet
Log in to the extranet