The nature of professional services often necessitates the capturing of personal data relating to subjects. This data is currently covered by an array of law and regulation, however from May 25th 2018 state bodies require a law to legitimise their activity. Not all requirements are currently covered by law, many are simply regulation. From a legal perspective, the rights of the subject under GDPR will trump those of regulation, and it may take some time to normalise practices. This may cause an amount of uncertainty in the short term and may affect the advice provided to clients.
Besides the normal DP considerations relating to clients, employees, direct marketing, surveillance, social media, e-commerce and international transfer, and the importance of IT integrity and subcontractor contracts, particular attention may to be focused on;
- Comprehensive and manageable retention policies (that may evolve over the coming years)
- The significance of legal proceedings on Access Requests
- Understanding of the basics of Data Protection while strategising with clients
- Managing AML, Revenue, and other government agency requirements
first can support you in a manner consistent with your own skills and circumstances to minimise risk and ensure compliance and can also assist you with planning or Data Protection events relating to your clients.