Data Protection and Privacy

1 Matter Plan Included

ALERTS - Nil
Full Commentary - Data Protection and Privacy
Reference materials
- Electronic Signing and Witnessing
- Looking to the Future
- Further information
Overview and limitation periods

Since the General Data Protection Regulation (GDPR) came into force in 2018, data protection and privacy laws have rapidly evolved and continue to do so. These areas of law impact everyday life, with government and lawmakers finding it increasingly challenging to legislate quickly enough to protect ...
This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
Summary of the process

The usual steps in acting on data protection are:
This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
A. Getting the matter underway
- File cover sheet - Data protection and privacy
- To do list - Data protection and privacy
- First steps
- Retainer instructions - Data protection and privacy
- Compliance documents
  - Client Due Diligence and Anti-money Laundering Guidance
  - Client Details, Identity Verification and Source of Funds
  - Conflict of interest check
  - Client and matter risk assessment
  - If required - Reporting an issue
    
    Anti-money laundering internal disclosure
- Initial letter to client enclosing Client Care and Terms of Business
- Enclosures for initial letter to client
  - Client care information
  - Terms of business
  - Scope of work - Data protection - Acting for a data processor - Data breach
  - Scope of work - Data protection - Acting for a commercial client - Data processing
  - Scope of work - Data protection - Acting for a data subject exercising rights
- Funding
  
  Standard retainer Under a standard retainer the hourly costs of handling the case are paid by the client to the solicitor, together with all disbursements and expenses incurred.
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- If required - Conditional fees and damages-based agreements
  - Conditional fee agreement
    
    A conditional fee agreement is a no-win no fee arrangement based on the premise that a client is not responsible for the solicitor’s costs if the case is unsuccessful. The agreement will state that the client is liable to pay a solicitor’s costs only if the claim is successful. If it is, the ...
    This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
  - Letter to client giving informed consent to conditional fee agreement
  - Letter to client explaining barrister's fees
  - Conditional fee agreement
  - Enclosure - Conditional fee agreements explained
  - After the event insurance
    
    If the claim is unsuccessful the client is still likely to have to pay the other side’s costs. This cannot be alleviated by a conditional fee agreement. For this reason, clients are well advised to consider after the event insurance to accompany a conditional fee agreement. Simply put, the ...
    This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
  - Damages-based agreements
    
    A damages-based agreement is a contract between a solicitor and client that, if the client’s claim is successful, the solicitor will be entitled to a share of the recoveries. Damages-based agreements are different to conditional fee agreements in that they can be used only with claimant clients.
    This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
  - Letter to client enclosing damages-based agreement for signing
  - Damages-based agreement
  - Enclosure - Damages-based agreements
  - Notice of funding of case or claim
  - Litigation funding by a third party
    
    This is a relatively new mechanism by which a party who is not related to the case funds it in return for a fee. Essentially funding is predicated on the concept that claims are potential investment assets. While this raises ethical issues it gives an individual somewhere to go to fund certain ...
    This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Time and costs estimates
- If required - Letter to client varying the Client Care and Terms of Business
  - Letter to client varying the Client Care and Terms of Business
- General deeds, agreements, statements, declarations, consents, and execution clauses
  - Deeds and agreements
  - Deeds
    
    Deed for general use
    
    Deed of assignment of agreement
    
    Deed of assignment of agreement with consent
    
    Deed of assignment of an insurance policy
    
    Deed of assignment of equitable interest in residential land
    
    Deed of gift
    
    Deed of guarantee
    
    Deed of release
    
    Deed of release and grant
    
    General deed of indemnity
    
    Library of standard clauses for deeds
    
    Amendment
    
    Confidentiality
    
    Confidentiality - Extensive
    
    Costs
    
    Counterparts
    
    Dispute resolution
    
    Events beyond control
    
    Governing law and jurisdiction
    
    Interpretation
    
    No assignment
    
    Notices
    
    Severance
    
    Third parties
    
    Waiver
    
    Whole agreement
  - Agreements
    
    Agreement for general use
    
    Boundary agreement
    
    Confidentiality agreement
    
    Construction agreement
    
    Heads of agreement
    
    Library of standard clauses for agreements
    
    Amendment
    
    Confidentiality
    
    Confidentiality - Extensive
    
    Costs
    
    Counterparts
    
    Dispute resolution
    
    Events beyond control
    
    Governing law and jurisdiction
    
    Interpretation
    
    No assignment
    
    Notices
    
    Severance
    
    Third parties
    
    Waiver
    
    Whole agreement
  - Statements and declarations
    
    Statement of truth
    
    Statement of truth - High Court
    
    Statutory declaration
    
    Statutory declaration of solvency
    
    Affidavit - General
    
    Exhibit sheet for affidavits - General
    
    Witness statement - Family matters
    
    Exhibit sheet to witness statement - Family matters
    
    Witness statement - Civil matters
    
    Exhibit sheet to witness statement - Civil matters
  - Execution clauses
    
    Execution clauses - Agreements and contracts
    
    Execution clauses - Deeds
    
    Execution clauses - Overseas companies
  - Consents
    
    If required - Personal data consent - General
    
    Letter to client enclosing consent - General
    
    Letter to third party enclosing consent - General
    
    General letter enclosing client consent
    
    General letter enclosing third party consent
    
    Consent to provide information - General
    
    Consent to provide information - General - Third party
    
    If required - Personal data consent - Health professional
    
    Letter to client enclosing consent - Health professional
    
    Letter to third party enclosing consent - Health professional
    
    Letter to doctor enclosing client consent
    
    Letter to doctor enclosing third party consent
    
    Consent to provide information - Health professional
    
    Consent to provide information - Health professional - Third party
    
    Change of name
    
    Change of name deed for an adult - Concise
    
    Change of name deed for a minor - Concise
    
    If required - Enrolment by an adult
    
    Change of name deed for an adult - For enrolment
    
    Statutory declaration - Enrolment of adult change of name deed
    
    Notice for the London Gazette on the change of name of an adult
    
    Consent to enrolment of change of name of an adult
    
    If required - Enrolment by a minor
    
    Change of name deed for a minor - For enrolment
    
    Statutory declaration - Enrolment of minor change of name deed
    
    Affidavit of best interest for the change of name of a minor
    
    Consent to enrolment of change of name of a minor
B. The fundamentals
- The fundamentals
  
  Data protection law is based on seven fundamental principles:
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Glossary of terms
  
  The Information Commissioner’s Office provides a glossary of useful terms:
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Human rights
  
  Article 8 of the Human Rights Act 1998 grants the right to a private life, supported by the Data Protection Act 2018, the General Data Protection Regulation, and European legislation. The handling of personal data must protect the rights and freedoms of individuals as set out in both data ...
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Oversight and governance of a privacy programme
  
  The General Data Protection Regulation requires a data protection officer to be appointed in an organisation:
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Collecting personal data
  
  Personal data is any information relating to a person who can be identified, directly or indirectly, by one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. Technology which processes personal data must be subject to security and ...
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Checklist - Data protection due diligence
C. An individual's rights
- An individual’s rights
  
  Under the General Data Protection Regulation, individuals are granted several rights regarding their personal data.
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- The right to make requests
  
  The right to access A subject access request is the most exercised right, allowing an individual to obtain a copy of all data held about them under Article 15. It may be necessary to clarify further details to fully understand the scope of the request and ensure all relevant data is included.
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Acting for a data subject
  - Data subject rectification request form
  - Data subject rights request form
  - Letter to client enclosing consent to obtain their personal data
- Acting for a data controller
  - Letter to data subject confirming their request was made
  - Letter to data subject enclosing response received
  - Letter to data subject requesting further information
  - Letter to data subject enclosing the personal data requested
- Freedom of information requests
  
  The Freedom of Information Act 2000 allows any individual to request information in writing from public authorities. Schedule 1 notes some exceptions that may limit the type of information that can be released following a request or, in some cases, allow the recipient not to respond at all.
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Environmental information requests
  
  The Environmental Information Regulations 2004 allow individuals to request environmental information from public authorities. The scope of environmental information is defined in r 2(1). The Information Commissioner’s Office has a Code of Practice on the discharge of the obligations of public ...
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Letter making an information request
D. Compliance for business
- Compliance for business
  
  Registration If an organisation is a data controller, it must register with the Information Commissioner’s Office and pay the appropriate registration fee for certification: see Data protection fee.
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Data protection policy
- Data protection policy for a business
- Privacy policy
- Data protection internal compliance audit checklist
- Concise data protection impact assessment
- Extensive data protection impact assessment form
- Data protection privacy notice
- Data retention
  
  Organisations should maintain a retention policy setting out the periods when data is retained based on a department’s needs or industry standards. The general principle is that once data is no longer required, it will be deleted in line with the storage limitation principle in Article 5(1)(e) ...
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Records retention policy
- Data processing and data sharing agreements
  
  Contractual considerations Data protection provisions may appear embedded in commercial contracts or separate agreements.
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Data processing agreement
- Data processing agreement - Letter form
- Employee data
  
  Employee data must be handled with the same degree of care as client or customer data. Appropriate processes need to be in place to ensure that data is collected, stored, processed, and deleted in line with data protection principles.
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
E. Security incidents and data breaches
- Security incidents and data breaches
  
  Not all security incidents are data breaches, but the two often entwine. While a system's technical security may be compromised, there may be no unauthorised access to personal data. As such, processes must be in place to ensure that the facts of an incident can be determined quickly, implementing ...
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Data breach reporting evaluation
- Letter to affected client reporting a data breach
- Data breach in office reporting
- Data breach report including remediation actions
- Penalties, sanctions, and enforcement
  
  Penalties and sanctions are assessed against:
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Pre-action protocols
  
  Pre-action protocols are set out in Practice Direction – Pre-Action Conduct and Protocols of the Civil Procedure Rules. The pre-action protocols include the steps the court expects parties to take before commencing proceedings. The objectives of the pre-action conduct and protocols are to ensure ...
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Letter of claim to data controller or processor
- Certificate of service
F. Settling the matter
- Settling the matter
  
  Court proceedings should be the last resort. If the parties have taken the protocol steps described above and still cannot agree, paragraph 8 of the Practice Direction – Pre-Action Conduct and Protocols requires them to take appropriate steps to resolve the dispute without starting court ...
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Alternative dispute resolution
  
  The Glossary to the Civil Procedure Rules defines alternative dispute resolution (ADR) as a collective description of methods of resolving disputes rather than through the normal trial process. There is no prescribed form of ADR, as much depends on the case, the parties, the merits of their ...
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Letter to the other side’s solicitor suggesting alternative dispute resolution
- Mediation settlement agreement
- Offers to settle
  
  There are opportunities to settle disputes, even when the parties’ relationship has soured. Settling the dispute can reduce costs and stress for all parties.
  This excerpt is a preview of the full publication. You can Subscribe Now and gain immediate access to the complete publication.
- Letter to defendant’s solicitor making Calderbank offer
- If required - Part 36 offers
  - Enclosure - Part 36 offers
  - Letter to client suggesting making a Part 36 offer
  - Offer to settle (Section I Part 36)
  - Letter to other side's solicitor making Part 36 offer
  - Letter to client enclosing copy Part 36 offer made
  - Letter to client enclosing copy Part 36 offer received
- Settlement agreement
- Letter to client with draft settlement agreement
- Letter to other side's solicitor with settlement agreement
- Letter to court confirming settlement
- General form of judgment or order
- Library of example consent orders
  - Clause - Consent order for judgment notation of agreement
  - Clause - Consent order payment inclusive of costs
  - Clause - Consent order judgment in favour of one party
  - Clause - Consent order for proceedings to be dismissed with no order as to costs
  - Clause - Consent order for acceptance of lesser sum
- Letter to other side's solicitor sending draft consent order
- Letter to court filing draft consent order on settlement
G. Finalising the matter
- Letter to client finalising the matter
- Example invoice
- Invoice recital - Acting for a data processor - Data breach
- Invoice recital - Acting for a commercial client - Data processing
- Invoice recital - Acting for a data subject exercising rights
- Enclosure - Explaining the bill
- Closing the file
- File closing checklist
- File review form - General
Comments and suggestions for By Lawyers

Data Protection and Privacy

This publication guides practitioners through the complexities of data protection and privacy laws, covering individual rights, business compliance, data processing, security incidents, and breaches.

Overview

Precedents in this publication include:

1 Matter Plan Included

Our Authors