Green Arrow Consultancy

Privacy Compliance Management

GDPR/CCPA/Privacy Management

When you run a business large or small, it doesn’t matter if you are trading millions or nothing at all, your website needs to be legally compliant.

All businesses need to notify the Office of the Information Commissioners and inform them that they are collecting data, which needs to be:

  • Used fairly and lawfully
  • Used for specific purposes
  • Used in a way that is adequate, relevant and not excessive
  • The data needs to be accurate
  • Kept only for a certain period of time
  • Handled according to people’s data protection rights
  • All data needs to be kept in a safe and secure location
  • Data cannot be transferred outside the European Economic Area without adequate protection.

If you want to ensure that your business is GDPR compliant, please get in touch with the team here at GAC and we will happily have a chat with you and talk you through how we can help ensure your business stays on the right side of the guidelines.

Our data privacy board has aptitude with privacy policy, processes and technology and can design, build, run, monitor, and improve our clients’ data privacy risk supervision capabilities, delivering custom solutions no matter the company’s data environment or risk profile.

From minor meetings around specific regulations to ongoing organized services, we help each organization better define, implement and operationalize data privacy strategies.

Our digital consultant will function with you and discover the right balance between your business purposes and your legal responsibilities. We’ll support you and help you understand the hazards, advise on the alternatives and make suggestions.

We don’t just provide advice, we will get right in there with you. We’ll help you get cookie compliance and meet customer expectations.

If you need Data Privacy assistance and ongoing data protection guidance from an experienced company, we’re the perfect fit for you!

Rights of GDPR:

The right to access : means that individuals have the right to request access to their personal data and to ask how their data is used by the company after it has been gathered. The company must provide a copy of the personal data, free of charge and in electronic format if requested.

The right to be forgotten : if consumers are no longer customers, or if they withdraw their consent from a company to use their personal data, then they have the right to have their data deleted.

The right to data portability : Individuals have a right to transfer their data from one service provider to another. And it must happen in a commonly used and machine readable format.

The right to be informed : covers any gathering of data by companies, and individuals must be informed before data is gathered. Consumers have to opt in for their data to be gathered, and consent must be freely given rather than implied.

The right to have information corrected : ensures that individuals can have their data updated if it is out of date or incomplete or incorrect.

The right to restrict processing : Individuals can request that their data is not used for processing. Their record can remain in place, but not be used.

The right to object : includes the right of individuals to stop the processing of their data for direct marketing. There are no exemptions to this rule, and any processing must stop as soon as the request is received. In addition, this right must be made clear to individuals at the very start of any communication.

The right to be notified : If there has been a data breach which compromises an individual’s personal data, the individual has a right to be informed within 72 hours of first having become aware of the breach.