Dispute resolution—data protection and GDPR considerations
Produced in partnership with Linda Bazant of LRB Consult Ltd
Dispute resolution—data protection and GDPR considerations

The following Dispute Resolution guidance note Produced in partnership with Linda Bazant of LRB Consult Ltd provides comprehensive and up to date legal information covering:

  • Dispute resolution—data protection and GDPR considerations
  • Background to GDPR and DPA 2018
  • Controllers and processors
  • What constitutes personal data?
  • Redacting personal data
  • Pseudonymisation and anonymisation
  • Special category personal data
  • Data protection principles
  • Personal data—lawful grounds for processing
  • Lawful ground—consent
  • more

Brexit: The UK's departure from the EU on exit day, ie Friday 31 January 2020, has implications for practitioners considering data protection and GDPR. For guidance, see: Brexit—implications for data protection.

This Practice Note focuses on General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR), the Data Protection Act 2018 (DPA 2018) and data protection issues that should or may be considered during dispute resolution proceedings. It considers the background to data protection provisions and the GDPR in the UK and, in the context of civil litigation in England and Wales, provides guidance on the definition of controllers, processors, personal data, pseudonymisation, anonymisation, special categories of personal data and data protection principles. It looks at lawful grounds for processing such as consent, performance of a contract, compliance with a legal obligation, performance of a task carried out in the public interest and legitimate interests as well as the data protection principles including fairness, transparency, data minimisation, data retention and accountability. The Practice Note also considers client compliance, data mapping, data protection impact assessments, data subjects’ rights, transfers outside the EEA, extra territorial reach and sanctions for breach of GDPR.

This Practice Note should be read in conjunction with:

  1. Disclosure—data protection and GDPR obligations—which considers the GDPR, DPA 2018 and other data protection issues that should or may be considered during the disclosure process