Data protection and outsourcing for law firms [Archived]
Data protection and outsourcing for law firms [Archived]

The following Practice Compliance guidance note provides comprehensive and up to date legal information covering:

  • Data protection and outsourcing for law firms [Archived]
  • Key terms
  • SRA Handbook
  • The Data Protection Act 1998
  • When does DPA 1998 apply?
  • When can personal data be processed?
  • Sensitive personal data
  • Processing data flowchart
  • Breach of the DPA 1998

ARCHIVED: This archived Practice Note reflects the data protection regime before 25 May 2018 under the Data Protection Act 1998 (DPA 1998). It is for background information only and is not maintained. We will shortly publish an alternative practice note reflecting the current data protection regime.

DPA 1998 governs the processing of personal data in the UK. It obliges processors of personal data to comply with eight principles and gives individuals a right to know what information is held about them.

This Practice Note summarises the data protection requirements in relation to outsourcing.

Key terms

DPA 1998 Data Protection Act 1998
EEA European Economic Area
ICO Information Commissioner's Office
SRA Solicitors Regulatory Authority

SRA Handbook

The SRA Handbook commences with ten SRA Principles. These are mandatory and apply to every aspect of practice. In relation to data protection, the most relevant SRA Principles are those requiring you to:

  1. uphold the rule of law and the proper administration of justice

  2. act with integrity

  3. behave in a way that maintains public trust

  4. comply with your legal and regulatory obligations

The SRA does not give a list of regulatory requirements