Data protection obligations for attorneys and deputies
Produced in partnership with Craig Ward, Baron of Lundie, of Craybeck Law
Data protection obligations for attorneys and deputies

The following Private Client guidance note Produced in partnership with Craig Ward, Baron of Lundie, of Craybeck Law provides comprehensive and up to date legal information covering:

  • Data protection obligations for attorneys and deputies
  • General Data Protection Regulation
  • Data Protection Act 2018
  • LPA attorneys, Court of Protection deputies and the General Data Protection Regulation
  • The General Data Protection Regulation notice
  • Attorneys and deputies as data controllers
  • Consent and the General Data Protection Regulation
  • Conflict of interest
  • Making best interests decisions
  • Disclosure
  • more

Brexit impact: As of exit day (31 January 2020) the UK is no longer an EU Member State. However, in accordance with the Withdrawal Agreement, the UK has entered an implementation period, during which it continues to be subject to EU law. This has an impact on this Practice Note. For further guidance, see Practice Note: Brexit—implications for data protection. For access to related documents and further reading on Brexit, see: Brexit toolkit.

General Data Protection Regulation

The way data is held and processed changed on 25 May 2018. From this date onwards, data management is subject to the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR), the Data Protection Act 2018 (DPA 2018) and associated provisions. The GDPR provides principles regarding personal data, its use, management and access, including correcting data inaccuracies and automated decisions, profiling and deletion. The major change concerns data subjects (DSs) and their consent to storage and disclosure. For a comprehensive introduction to the GDPR, collating key practical guidance, see: GDPR toolkit.

Data Protection Act 2018

With effect from 25 May 2018, the Data Protection Act 1998 (DPA 1998) has been repealed and the UK data protection regime is now consolidated within DPA 2018. DPA 2018 is a fairly complex piece of legislation and it is challenging for non-specialists to follow.

While GDPR gives