Rely on the most comprehensive, up-to-date legal content designed and curated by lawyers for lawyers
Work faster and smarter to improve your drafting productivity without increasing risk
Accelerate the creation and use of high quality and trusted legal documents and forms
Streamline how you manage your legal business with proven tools and processes
Manage risk and compliance in your organisation to reduce your risk profile
Stay up to date and informed with insights from our trusted experts, news and information sources
Access the best content in the industry, effortlessly — confident that your news is trustworthy and up to date.
Find up-to-date guidance on points of law and then easily pull up sources to support your advice with Lexis PSL
Check out our straightforward definitions of common legal terms.
Our trusted tax intelligence solutions, highly-regarded exam training and education materials help guide and tutor Tax professionals
Access our unrivalled global news content, business information and analytics solutions
Insurance, risk and compliance intelligence using big data, proprietary linking and advanced analytics.
A leading provider of software platforms for professional services firms
In-depth analysis, commentary and practical information to help you protect your business
LexisNexis Blogs shed light on topics affecting the legal profession and the issues you're facing
Legal professionals trust us to help navigate change. Find out how we help ensure they exceed expectations
Lex Chat is a LexisNexis current affairs podcast sharing insights on topics for the legal profession
Discuss the latest legal developments, ask questions, and share best practice with other LexisPSL subscribers
Laura Johnson, a Technology, Outsourcing and Privacy solicitor at Fieldfisher LLP, joined our recent LexisNexis Aspire networking and professional group facilitated by Sophie Gould, to share her expertise in an engaging and interesting presentation covering the low-down on the GDPR one-year post-implementation.
Key GDPR concepts
Laura started off by giving us a quick overview of the GDPR. This legislation applied from 25 May 2018 and replaced the Data Protection Act 1998 in the UK. It was implemented to modernise and harmonise the laws around data protection in order to better protect the personal information of individuals. However, as Laura reminded us, there is still more work to be done to catch up with the evolving technology in this area.
Personal data can be defined as any information relating to a data subject which leads to direct or indirect identification. Or, to put it simply, any information which identifies us as individuals e.g. IP addresses and device IDs.
There are a few other key terms under the GDPR, including:
Scope of the GDPR
The material scope of the GDPR includes when data is processed by automated means or where there is a hard copy which forms part of the relevant filing system.
The territorial scope of the GDPR is that it applies to any controller or processor which is:
There are six lawful bases for processing personal data:
Note, special category data requires a different set of lawful bases.
GDPR in review
Laura went on to explain the discrepancy between what was thought would happen post-implementation and what actually occurred.
The initial reaction to the GDPR was one of fear. There was a lot of misunderstanding and misinformation on the internet, and everyone seemed to be calling themselves an expert. Even minor breaches were being reported. Laura explained that, in one early case, a nursery was reported for accidentally sending a Father’s Day card with photos of a child on the front to the wrong parent of the child. This was obviously well below the threshold for reporting a breach.
Since its implementation, even data protection professionals are still learning. Those in private practice generally try to inform an industrial standard across all the deals they are involved with. It is sometimes more efficient to decide between the parties and individually assess the approach based on the situation.
Laura continues to explain more on GDPR developments and delves deeper into the types of breaches we've seen in the past year as well as what we can expect going forward - Read more in part two
Join Aspire today
Aspire is free to join and open to all in-house lawyers in the early stages of their legal career. Join today.
Additional recommended reading:
compliance—regulatory regime—overview - The Practice Note
provides an overview of the conceptual changes and the changes in regulatory
oversight and additional obligations for organisations which were implemented
by the GDPR
GDPR—Frequently Asked Questions (FAQs)
- This Practice Note is an archive that consolidates some of the most popular
or useful general Q&As (FAQs) on the General Data Protection Regulation
(the GDPR), Regulation (EU) 2016/679 and the Data Protection Act 2018 that have
been raised with the Lexis Ask service (GDPR FAQs)
compliance self-audit - This Precedent is based on a GDPR self-assessment
checklist published by the Information Commissioner's Office (ICO). It is
designed to help you check and assess your high-level compliance with the
General Data Protection Regulation (GDPR) e.g. including new rights of
individuals, handling subject access requests, managing consent and conducting
data protection impact assessment
protection principles under the GDPR - This Practice Note covers the
principles for handling personal data that form the core of the General Data
Protection Regulation, Regulation (EU) 2016/679 (the GDPR) and which are set
out in Article 5 of the GDPR
definitions under the GDPR - This Practice Note provides a background to
the definitions used in the General Data Protection Regulation (the GDPR),
Regulation (EU) 2016/679. Where applicable, this Practice Note also highlights
further details and terms provided under the Data Protection Act 2018 (DPA
2018), which contains supplementary definitions throughout its provisions and
Free trials are only available to individuals based in the UK
* denotes a required field
Claire is a paralegal is the LexisAsk and Commercial and Sectors teams at LexisNexis teams. She previously did a law conversion at BPP Law school and plans to study the LPC latterly. She is an English literature graduate and hopes to combine her studies by pursuing a career in the IP sector.
Claire is a keen member of the LexisNexis Singers and practices with them weekly. Outside of work, Claire is a keen hockey player and cyclist and brings this energy into everything she does in her job.
0330 161 1234