Data protection obligations for attorneys and deputies
Produced in partnership with Craig Ward, Baron of Lundie, of Craybeck Law
Data protection obligations for attorneys and deputies

The following Private Client guidance note Produced in partnership with Craig Ward, Baron of Lundie, of Craybeck Law provides comprehensive and up to date legal information covering:

  • Data protection obligations for attorneys and deputies
  • Brexit impact
  • General Data Protection Regulation
  • Data Protection Act 2018
  • LPA attorneys, Court of Protection deputies and the General Data Protection Regulation
  • The General Data Protection Regulation notice
  • Attorneys and deputies as data controllers
  • Consent and the General Data Protection Regulation
  • Conflict of interest
  • Making best interests decisions
  • more

Brexit impact

The UK has voted to leave the EU and is due to leave on exit day, as defined in section 20 of the European Union (Withdrawal) Act 2018. The date and time of withdrawal (exit day) is fixed in UK law (though potentially subject to change), but the legal terms of withdrawal negotiated with the EU are not. This leaves open the possibility that the UK’s membership will lapse automatically on exit day, without all the necessary legal and transitional arrangements in place. This has implications for practitioners considering data protection. The exact nature of the changes to data protection laws in the UK post-Brexit will depend on the terms of the UK’s future relations with the EU and subsequent laws. For guidance, see Practice Note: Brexit—implications for data protection. This Practice Note sets out the current position on the impact of Brexit on the general processing of personal data under the GDPR and DPA 2018. For access to related documents and further reading on Brexit, see: Brexit toolkit.European Union (Withdrawal) Act 2018, ss 20(1)–(5)

General Data Protection Regulation

The way data is held and processed changed on 25 May 2018. From this date onwards, data management is subject to the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR), the Data Protection Act 2018 (DPA 2018) and associated provisions. The GDPR provides principles regarding personal data, its use, management and access, including correcting data inaccuracies and automated decisions, profiling and deletion. The major change concerns data subjects (DSs) and their consent to storage and disclosure. For a comprehensive introduction to the GDPR, collating key practical guidance,