Data protection

GDPR: protecting your personal information

David Pope summarises what consumers and law firms need to know - and do - to properly prepare for the introduction of the GDPR.

David Pope is entity manager at CILEx Regulation.

Fact: Firms are now holding more and more personal information.

Fact: Not looking after that personal information is a real risk.

Fact: If your firm gets it wrong, it will impact on your reputation and you may incur a fine.

It is vitally important to CILEx Regulation that all of its regulated firms, and in fact any businesses run by a CILEx member, look after personal information. Currently, all CILEx Regulation regulated firms are required to make it clear that they comply with the current Data Protection Act (DPA) 1998 and are registered with the Information Commissioner’s Office (ICO).

However, these rules are changing on 25 May 2018, with the full introduction of the General Data Protection Regulation (GDPR):

The ICO provides a lot of very useful information and guidance on the implementation of the GDPR. Particularly helpful is its blog where the ICO has been addressing some of the popular myths about GDPR

If a firm’s ‘personal data’ is currently subject to the DPA, it is very likely it will still be subject to the GDPR.

Firms need to do as follows:

to understand the impact of the changes;
to document the data they hold;
to respect the rights of individuals;
to cope with subject-access requests;
to know the lawful basis for processing personal data;
to understand consent; and
to identify if a Data Protection Officer is required.

The ICO provides a lot of very useful information and guidance on the implementation of the GDPR, available at: https://ico.org.uk/for-organisations/resources-and-support/getting-ready-for-the-gdpr-resources/. Particularly helpful is its blog, available at: https://iconewsblog.org.uk/tag/gdprmyths/, where the ICO has been addressing some of the popular myths about GDPR.

We suggest that…

Consumers: ask the firm how they look after your information. As a minimum, they should refer to this in the client care letter they send to you.

Firms: use the information that the ICO is providing to businesses and public bodies to prepare for the full GDPR implementation. This is available at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

If you have found this article useful, why not log this towards your CPD?

For more information, visit: (https://www.cilex.org.uk/membership/cpd/cpd_resources)

The General Data Protection Regulation - Part 2 In the waiting room for justice: update on the joint enterprise debate A digital future fit for conveyancing Making e-conveyancing today’s reality The importance of consultation in planning decisions Warboys’ release quashed by the Divisional Court Staying savvy in the cyber world Look out for the CPD symbol The LASPO Act five years on The post-Brexit legal order: a continuing role for the CJEU? HMCTS: changing something that matters