CONTACT US 01312268200
legal50016 2016 scott co dispute resolution award winning law firm Law Society Winner 2016

Controller / Processor Contracts – what’s new?

Under the GDPR, both data controllers and data processors have compliance obligations and responsibilities. Processors for the first time have direct liability and may be subject to penalties and civil claims by data subjects for non-compliance with the terms of the GDPR. It is very important that controllers and processors clearly document their respective obligations and the GDPR creates a requirement for a contract to be in place between them, setting out specific terms that processor/controller agreements must contain, as a minimum. This aims to ensure that processors only carry out processing as agreed with the controller and always in...

Data Protection Impact Assessments – what, when and why?

A new principle introduced by the GDPR is that of accountability. This requires data controllers to be able to demonstrate their compliance and there are a number of ways that they can do this. Data Protection Impact Assessments (DPIAs) are one tool that under the GDPR must be used by organisations to identify and minimise the potential data protection risks of any new projects to be undertaken which involve the processing of personal data. Also key to GDPR is that organisations take a “data protection by default and design” approach to any activities involving data processing. DPIAs again help to achieve...

How far does the GDPR reach…?

As we all know by now, the GDPR came into force on Friday 25th May 2018. For businesses based in Europe with employees and customers in the EU, this means unavoidable change. Changes to the way personal data is processed, changes to information to be given to data subjects, changes to internal governance, changes to the culture surrounding data protection within the organisation. But what about businesses who are not based within the EU? Does the GDPR apply to them? What about non EU-based organisations who sell only occasionally to the EU? Article 3 of the GDPR states that...

Data Protection Act 2018

How we deal with data protection within the EU significantly changed on 25th May 2018. The vast majority of the population are aware of the coming into force of the General Data Protection Regulation due to the abundance of emails in their inbox providing them with updated Privacy Policies or asking them for consent to use their personal data. However, less well publicised was the fact that on the same date, the UK’s Data Protection Act 2018 received the Royal Assent. So how does the Data Protection Act 2018 differ from the GDPR? Firstly, the GDPR has direct effect...

Codes of Conduct

So – what is a Code of Conduct? Article 40 of the GDPR refers to the use of codes of conduct in order to contribute to the proper application of the GDPR, taking into account specific features of the various processing sectors and specific needs of micro, small and medium-sized enterprises.  The ICO has now issued guidelines in relation to use of codes of conduct covering UK processing. Whilst the ICO are not responsible for drafting codes of conduct, they are responsible for approving all codes drafted by trade associations or other bodies representing a sector. Trade associations and other...