Uncategorized

GDPR: Bringing Home the … Data

The General Data Protection Regulation (GDPR) is the new data protection code that replaces the existing Data Protection Act 1998 in May 2018. Many have focussed on the negative aspects such as the fines for non-compliance, which are eye-watering. You may recall TalkTalk’s security breach in 2015, which led to the loss of 150,000 customers’ data and resulted in a fine from the Information Commissioner’s Office (ICO) of £400,000; under GDPR that would have been £70 million!

Arguably, it was not TalkTalk being lax; but instead came about from part of their infrastructure being inherited when they took over Tiscali, a number of years earlier. This leads to the first practical step that we take when working with clients, preparing for GDPR. What data do they have and where is it?

Data is everywhere and can be found in unexpected places. It dawned on me the other day that having certain clients’ phone numbers in my mobile, means that some of that data is also in my car, because it’s uploaded via Bluetooth. You need to consider how wide the net is; documentation kept out of the office, data found in or copied to personal devices or e-mail accounts – Hilary Clinton’s use of a private e-mail server, for example.

The challenge comes simply from how well connected we are these days and as a result of this complexity, the aim is to harmonise data security across the EU. So when people ask me whether Brexit will get in the way, the simple answer is no; GDPR is here to stay.

Where businesses process data they must do so lawfully, fairly and transparently. To demonstrate lawful processing, a business must show that it is necessary for the performance of a contract or they must be able to justify, in line with the Regulation, that it is for the purposes of their legitimate interests.

Otherwise, businesses must demonstrate consent and this must be more than a simple tick-box amongst other terms; these requirements are detailed and cover how and the purposes for which that consent is obtained. Why not just e-mail all of your clients or customers confirming they are happy? A couple of recent cases suggest this might be a dangerous strategy; e-mails sent by the companies involved were themselves deemed to be marketing; for which there was no prior consent under the Privacy and Electronic Communications Regulations from 2003 – a related set of regulations that govern e-marketing activities.

Don’t worry then, you think, we’ll just outsource everything! Not quite; businesses will now be liable for the actions of suppliers that handle data on their behalf; at present there is a distinction between the data controller that owns the data and a supplier engaged with processing it (obvious examples being outsourcing and the use of cloud-based IT infrastructure). Therefore we are looking at clients’ existing arrangements. Providers should recognise your greater responsibilities and should not be seeking to exonerate themselves through well-crafted terms and conditions – you may need to prioritise reviewing your suppliers’ contracts.

GDPR may be about compliance, but we’re encouraging businesses to give themselves a competitive advantage by adopting a privacy by design approach and demonstrating that the protection of their customers’ and clients’ personal information is central to everything they do. They say a week is a long time in politics; so it’s hardly a surprise that today’s digital economy, back in 1995 (when the current Data Protection Directive came in), would have seemed more science-fiction than today’s day-to-day reality.

Areas where we are currently helping clients are within our Online and E-Commerce services under GDPR and Data Protection.

Posted on:
Posted in: Uncategorized

Exeter City Centre Vacancy – Award Winning Law Firm

We are looking to appoint a legal assistant to work primarily in our property department in Exeter  city centre. Whilst we would like to talk to experienced legal assistants/ paralegals, this post will most likely  suit someone who is looking to pursue a career in law for which this would be a first step on the ladder so do not let a lack of experience deter you from applying if you are serious about a career in law.

You will be expected to show your commitment towards a career in the law. You must be prepared to start at the bottom, to be conscientious, hard working flexible and reliable and in return you will be provided with a solid training in conveyancing and in property law.  You will be exposed to all types of property transactions, both residential and commercial. In addition you may be required to assist from time to time in other disciplines.

In the first instance, please write, by post or by e-mail (the later addressed to: Janet.Milton@solicitorstitle.co.uk, setting out why you want to work in the law and why you would like to be considered for this particular post.

 

Posted on:
Posted in: Uncategorized