Business Startup Consultant
About Dragon Argent Meet The Team Careers Our Fees Office Location
Company Brochure Startup Handbook Demystifying Venture Capital Investor Pitch Deck Template

GDPR, Data & Privacy Advice for Technology Enabled Businesses

Dragon Argent’s specialist data protection lawyers will work closely with you to understand your business model and how you collect and use customer data. We’ll provide clear, pragmatic advice tailored to your commercial situation and future strategic goals.

We demystify data protection for founders through a range of simple UK GDPR compliance services including:

  • Privacy policies

  • Cookie policies

  • Terms and conditions

  • Risk assessments

  • Record of processing activity

  • Data privacy impact assessments

Find out more about how our experts can assist in your data privacy compliance by scheduling a discovery call today.

Alternatively call us on 02076860000 or send your enquiry to ask@dragonargent.com

TRUSTED BY FOUNDERS, STARTUPS & SMEs

Data Protection for Small to Medium Enterprises

All businesses in the UK need to comply with the UK GDPR, but most businesses seem to fall short of compliance. Failing to comply with the UK GDPR can result in fines of up to 4% of global annual turnover, or £17.5m — whichever is greater.

Dragon Argent offers a comprehensive data audit as a first, cost effective step towards ensuring compliance. A data audit is an indispensable tool for any business’ improvement of its GDPR status. A data audit will

Identify:

  • Who your data subjects are;

  • What personal data you handle about them;

  • Whether you hold any special category, sensitive personal data on them;

  • What the legal basis for any processing is; and

  • Where the data is held.

Prompt you to consider:

  • How do you keep it secure?

  • With whom do you share it?

  • Does it leave the UK at any stage and if so, is this lawful ?

Provide you with:

  • Greater transparency with and therefore increased trust from data subjects such as existing and potential customers and staff;

  • Enhanced compliance with important data protection legislation and avoidance of fines, reprimand or reputational damage;

  • Differentiation from the competition and other competitive advantages

 
 

Louise Marshall

Data & Privacy Consultant

 

Hear what our clients think:

Dragon Argent have supported us since inception and been fundamental to establishing firm foundations for our business. They’re experienced, straightforward, founder-friendly, and deliver a breadth of services in a joined-up way that inspires confidence.

Griffin Parry | Founder & CEO, m3ter

GDPR COMPLIANCE SERVICES FOR FAST GROWTH STARTUPS

We’ll help you build a compliant data framework that is agile and compliant

 

Data Protection Audit

45 minute call or meeting to go through the audit tool, followed by diagnostic of gaps and list of recommended remediation’s with prices.

 

Cookie Banner & Internal Privacy Policy

To address the use of cookies by client.

Privacy Notice

Drafting customised Privacy Notices as mandated by Art 13 GDPR based on the analysis of the audit and covering all the legally required aspects.

 

Illegal Transfer Risk Assessment

Due diligence of your “tech-stack” to ensure that server location does not expose client to illegal data transfers (high risk) and remediation of that risk.

 

GDPR COMPLIANCE SERVICES FOR SMEs

 

Article 30 Record of Processing Activity (ROPA)

Mandatory as matter of law and required by lenders/clients. Comprises template plus pre-population and support in maintenance.

 

Protocols for DSARs and Data Breaches

Forms and guidance for dealing with subject access requests and data breaches

DPIA (Data Privacy Impact Assessments)

Invariably required for introduction of any new system/process/processor. Lengthy and detailed analysis of the impact on data of the new process

 

Data Processing Agreements

Drafting from scratch detailed Data Processor or Controller agreements as required in law by Article 28.

Internal Training

A set of slides and guidance notes for internal delivery by client to satisfy requirements arising from potential breaches/DSARs

 

Internal Privacy Policy

Invariably required by lenders/partners/clients.

 

To protect your business from data protection penalties and fines, contact our GDPR solicitors today for expert GDPR legal advice.

 

GOT A GDPR COMPLIANCE RELATED QUESTION?

Please leave us your details and we’ll contact you to discuss your situation and GDPR requirements. There’s no charge for your initial consultation, and no obligation to instruct us. We aim to respond to all messages received within 24 hours.

Alternatively call us on 02076860000 or send your enquiry to ask@dragonargent.com

 
 
 

FREQUENTLY ASKED QUESTIONS

  • Whenever you collect and use identifiable personal data about customers or a client (like name, email, address and preferences) you need to stay compliant with the law.

    If you don’t comply, you can be fined by the regulator (the ICO - Information Commissioner’s Office) – up to 4% of your turnover. Or, even more worryingly, the ICO can issue a ‘Stop Now’ order, which prevents you from collecting or using personal data at all, either permanently or until you have complied with their requirements.

  • The GDPR requires organisations who process personal information (known as “personal data”) relating others to keep that data safe, and to only process the data if they have lawful grounds to do so.

    In summary, the GDPR obliges organisation who processes personal data to protect that personal data and only process it if they have lawful grounds to do so (including being transparent about what data is held and why and what is done with it, only processing the data for the purpose for which is was collected, only processing – collecting- the minimal amount of data needed for the lawful processing and making sure that the organisation has appropriate technical and organisational measures in place to protect .

  • The GDPR applies to all organisations (which includes sole traders, charities, partnerships and limited companies) who have a branch in an EU member state or if the organisation is based outside the EU, then if that organisation either “processes” personal data in the European Union or if customer, employees, users etc are based in the EU. “Processing” includes if the data is in transit, stored, or otherwise.

  • Individuals have the right to know what organisations are doing with their personal information, who that information is shared with, how long it is stored for etc.

    They also have various rights of access to that information including:

    • Access

    • Rectification

    • Erasure (‘Right to be Forgotten’)

    • Restriction of processing

    • Portability (in a format to enable transfer)

    • Object to processing

    • Automated decision making, including profiling.

  • Understanding the complexities of the GDPR can be difficult and many businesses think it only covers personal information relating to their staff. Data protection also includes your customers’ and suppliers’ personal data and any data you are storing or managing for a third party.

    We advise businesses on:

    • Data Audit

    • Data Asset Register

    • Data Protection Policies and Procedures

    • How to handle subject access requests (SAR / DSAR)

    • Individuals’ data rights

    • Dealing with data breaches, including reports to the ICO

    • Handing complaints from individuals and regulators

    • Moving data out of the EEA

    • Sharing data with other businesses

  • The data protection principles set out the rules you need to follow when using personal data. You must make sure the information is:

    • processed fairly, lawfully and transparently

    • processed for specified, explicit purposes

    • processed in a way that is adequate, relevant and limited to only what is necessary

    • accurate and, where necessary, kept up to date

    • kept for no longer than is necessary

    • handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

    GDPR introduced a new ‘accountability’ principle. It means you are responsible for what you do with personal data and how you comply with the data protection principles.

    What else you need to do will depend on how much and what type of data your practice controls.

    • Carry out an audit of the information you hold. Consider why and how long you hold this data. Implement a compliant data protection policy;

    • Update privacy notice on website and for all staff;

    • Review marketing processes and cleanse data where consent is needed;

    • Update all contracts with third parties, and terms and conditions to ensure GDPR compliance;

    • GDPR training/awareness for staff;

    • Ongoing audits.