Disclosure—data protection and GDPR considerations
Produced in partnership with Miriam Everett (Global Head of Data and Privacy, Partner), Julian Copeman (Partner) and Hannah Brown (Associate) of Herbert Smith Freehills
Disclosure—data protection and GDPR considerations

The following Dispute Resolution practice note produced in partnership with Miriam Everett (Global Head of Data and Privacy, Partner), Julian Copeman (Partner) and Hannah Brown (Associate) of Herbert Smith Freehills provides comprehensive and up to date legal information covering:

  • Disclosure—data protection and GDPR considerations
  • Role of the CPR and GDPR during disclosure
  • Controllers and processors in the disclosure process
  • What do controllers have to document?
  • What do processors have to document?
  • Data protection principles
  • Disclosure of personal data in litigation
  • Redacting personal data
  • Consent
  • Data mapping
  • More...

Disclosure—data protection and GDPR considerations

This Practice Note considers data protection issues that should or may be considered during disclosure in civil proceedings. It looks at the role of the CPR and GDPR regimes during the disclosure process, the processing of personal data and special category data during disclosure, redaction of personal data, the position in relation to documents subject to legal professional privilege under relevant data protection provisions and data subject access requests (DSARs).

On 31 January 2020, the UK ceased to be a member of the EU and EEA. This Practice Note introduces:

  1. the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) regime (applicable under UK law until the end of the Brexit implementation period (31 December 2020 at 11 pm) and remaining applicable in the EEA—any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of that implementation period), and

  2. the United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime (applicable under UK law from the end of the Brexit implementation period)

Where there is no need to distinguish the two regimes, this Practice Note refers to both as the ‘GDPR’ for convenience.

Any references in this Practice Note to an ‘Article’ or ‘Articles’ relate to provisions in the GDPR unless otherwise stated.

This Practice Note should be

Related documents:

Popular documents