Data protection, GDPR and privacy law is a complex and fast-changing area with international differences adding an extra layer of complexity. Data protection is the process of safeguarding important information from misuse, corruption or loss. Data protection has become much higher profile in an era of data and technology driven decision making and if you handle personal information about an individual, you have legal obligations regarding how you can process and store that information as set out in the Data Protection Act 2018. Private individuals are more aware of the value of their identity and wish to manage how their data is used and how they receive communications from businesses and organisations.
Currently the EU and UK has the most strictly enforced data protection regime in the world. This is set out in the General Data Protection Regulations (GDPR) and its UK variant, but other countries are following suit. The penalties for breaching data protection law are punitive and the Information Commissioner's Office (ICO) is clear that data protection “by design” should be built into all business processes in order to remain compliant with Data Protection legislation.
You can also read more information on changes to data protection law.
Compliance and business as usual
Our professional data protection lawyers at Thomson Snell & Passmore have the ability to offer pragmatic advice on the legal framework of the Data Protection Act 2018 (which brings the GDPR into force). We can also advise you on the practical implications and challenges that you may face when trying to ensure that your organisation remains compliant.
Led by experienced intellectual property and technology lawyers, our commercial team can assist businesses of all sizes, across various sectors, to control and process data while remaining compliant with data protection legislation. This includes data audits, preparation of privacy policies, preparation of data protection impact assessments and data sharing agreements.
Through assisting Thomson Snell and Passmore’s internal processes to be GDPR compliant as well as supporting our clients, our lawyers have first-hand experience of the challenges faced and practical insights in ensuring compliance. Our data protection lawyers are experienced in their field and can provide you with high quality and expert support.
Data Subject Access requests
Under the current data protection regime, data subject access requests (DSARs) are a legal right of data subjects. The regulations surrounding proper compliance with DSARs are technical and the production of data can be a complex task. DSARs are increasingly being used in disputes as a method of disclosure and to burden parties. At Thomson Snell & Passmore, our team of data protection lawyers have expertise in advising clients about DSARs from employees and the educational sector.
Personal Data Breaches - notifications
Processing of personal data is no longer something to be undertaken without careful consideration. Unlawful processing or a data breach may both give rise to liability to data subjects for damages. The financial and reputational damage caused by unlawful processing and/or a data breach can have devastating consequences to businesses and organisations.
In addition to this, the ICO has powers to enter businesses where it suspects there are breaches of the Data Protection Act 2018. This can greatly impact a businesses ability to trade, and will eventually result in the organisation facing costs of dealing with an investigation.
Law cases in this area are fast developing. Both the arrival of the Data Protection Act 2018 and a wider appreciation amongst data subjects of the value of their data and data privacy has led to a growth in data protection, GDPR and privacy cases in the Court. Businesses should be aware that whilst individual claims may be financially small, the Courts are considering a number of data protection cases of group or representative actions which can result in large numbers of small value claims being dealt with together as single high-value dispute.
Our dispute resolution specialists at Thomson Snell & Passmore can support business clients subject to claims in terms of either mounting a defence or settlement of damages claims. Where there are international issues, we can call upon our international network of partner firms to help steer you through the many local differences that complicate data protection worldwide.
Our lawyers can advise you on:
- Data Protection Act 2018 for data controllers and data processors
- Compliance with the General Data Protection Regulations (GDPR) including
- privacy policies and data protection statements on websites or marketing materials
- carrying out an audit of what personal data you hold and how you process it.
- preparation of Privacy Impact Assessments for the purpose of understanding ongoing record keeping obligations
- checking whether your contracts with data processors (in particular) contain GDPR compliant data protection clauses
- preparing mandatory data sharing agreements
- checking consent wording that has been used to collect email address data sets for direct marketing is GDPR-compliant.
- identifying whether you are required to appoint a Data Protection Officer and, if so, whom you might appoint (the required qualifications are quite high).
- Use of personal data for marketing and advertising and compliance with the Privacy and Electronic Communications Regulations
- Sale and purchase of databases
- Database rights and management
- Licensing databases
- Data protection laws specific to schools and education
- Personal data issues arising in employment matters
- Data subject access requests and the application and impact of the Freedom of Information Act
- The transfer of personal data outside of the EEA
- Data breach notifications
- Data security
- Confidentiality agreements
- Claims for damages by data subjects
Our approach
Our team of commercial data protection lawyers obtain an in-depth understanding of the industry, and are aware that the commercial conditions under which you operate and your strategic objectives are vital when providing effective legal advice on data protection. With an in-depth understanding of the industry and extensive experience of IT and IP, we can support your data protection compliance effectively. We provide tailored advice which reflects your business objectives, minimises risk, remains compliant and operates in a cost effective manner.
At Thomson Snell & Passmore, our data protection lawyers provide a robust and commercially appropriate framework, which is designed to exploit your assets, protect your rights and prevent disputes arising. We take a hands-on approach to give practical advice, which enables our clients to operate effectively on a day-to-day basis.
If a data breach or complaint should occur, we will provide our clients with practical guidance in order to manage the issue. We can advise our clients on which steps to take, or if the client needs to focus elsewhere, we can step in on the behalf of them.
If you would like to further discuss any of the information detailed above with our team of data protection lawyers, please contact Joanne Gallagher, Head of Corporate & Commercial on 01322 623708 or at joanne.gallagher@ts-p.co.uk.
