The General Data Protection Regulation (GDPR) is undergoing a massive change this coming year. With the change happening on the 25th May 2018, there is still time for lawyers, including commercial barristers, to make sure they are GDPR compliant. But what does it really mean to be GDPR compliant and why is this a big issue?
Why it’s a big issue
The General Data Protection Regulation develops and increases the obligations of data controllers set under the Data Protection Act 1998 (DPA). There are some new requirements which will probably require lawyers to re-assess how and what data they process. This will inevitably increase their administrative burden.
Under the DPA regime, many, including commercial barristers, will have done little more than register with the ICO. Compliance can be achieved by using standard wording, and including privacy notices in, for example, contractual terms, in letters and/or on websites concerning processing of personal data.
There are a number of aspects of the GDPR which are left to national governments to specify. There will be a new Data Protection Act. The Bar Council has made representations as to amendments which it considers should be made. There will also be new regulations in delegated legislation.
Additions to GDPR
The GDPR contains a number of new concepts. The new obligations include:
- Principle of accountability – data controllers are responsible for, and must be able to demonstrate compliance with, data protection obligations.
- Principle of transparency – personal data must be processed in a transparent manner, with data subjects being notified of processing.
- Data minimisation – there are stricter rules relating to the extent of personal data which is kept, and to the period for which it may be kept.
- Data breach notification – subject to limited exceptions, data breaches must be notified to the supervisory authority and data subjects.
- Right to be forgotten.
- Right of portability – data subjects will be entitled to receive a copy of personal data concerning them or have the data transferred to a third party.
- Data Protection Officers and Data Protection Impact Assessments.
- New liabilities for processors, which will include barristers’ chambers when processing information for barristers.
We, at Cerulean Chambers, have unparalleled experience in providing our services as commercial barristers direct to our corporate and individual clients.
We hope you find the information you are looking for here, but sometimes a conversation will help, so, if you need any further information or assistance, please feel free to call our clerk on + 44 (0) 20 3666 5105 or send an email to: firstname.lastname@example.org