0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

your information

The firm has implemented an extensive and comprehensive project for the purposes of ensuring compliance with the General Data Protection Regulation (GDPR). We summarise below the key steps and elements that form part of this project and our compliance programme after GDPR is implemented:

  • in preparation for GDPR, the firm established a Project Board to coordinate and approve the implementation of the firm’s GDPR compliance programme. The Board includes the firm’s Head of Risk and Compliance, the partner who is the firm’s Chief Information Security Officer (CISO) and a specialist data protection partner. The Board reports into the firm’s Risk & Compliance Committee and Operations Board
  • the firm has undertaken an audit of the data held by the firm for the purposes of informing and tailoring its compliance programme
  • we are refining our existing comprehensive suite of policies and procedures to deal with GDPR and these are available (where applicable) to staff on the firm’s microsite. These include policies in relation to data transmission (e.g. password protection and encryption), data retention and destruction and breach reporting
  • we have in place an ongoing communications and training plan for GDPR in order to raise awareness and provide more detailed training and education. This includes mandatory online interactive training (which all employees have completed), briefs and alerts through our employee and partner briefings and 'desk drop' awareness raising sheets
  • from a data control perspective, we operate a ‘paper light’ approach across our offices whereby documents received are stored within our secure electronic filing systems and hard copies are only retained where absolutely necessary. Also, we use secure datarooms for the exchange of information where possible
  • we are ISO27001 accredited and have been for five years. We also have Cyber Essentials Plus
  • all our devices are encrypted and our systems are subject to regular vulnerability testing
  • all electronic equipment at 'end of life' is physically destroyed by chipping into 5mm pieces and a certificate of destruction for every piece of hardware destroyed. All mobile phones and ipads are digitally wiped
  • we will continue to act under our existing terms of business (where appropriate) and updated versions of this, our privacy notice and supporting documents will appear on our website in due course.

Further information

For further information on how we use your data, please visit the following pages:

Further policies, procedures and guidelines will appear here in due course.

Contact us

Please send enquiries about your data to compliance@brownejacobson.com.