Dispute resolution—data protection and GDPR considerations
Produced in partnership with Charlie Morgan (Senior Associate, Digital Law Lead (UK)) of Herbert Smith Freehills
Dispute resolution—data protection and GDPR considerations

The following Dispute Resolution practice note Produced in partnership with Charlie Morgan (Senior Associate, Digital Law Lead (UK)) of Herbert Smith Freehills provides comprehensive and up to date legal information covering:

  • Dispute resolution—data protection and GDPR considerations
  • Background to GDPR and DPA 2018
  • Information Commissioner's Office (ICO) guidance
  • Article 29 Working Party/European Data Protection Board guidance
  • Scope and territorial reach of the GDPR
  • What constitutes personal data?
  • What constitutes ‘processing’ personal data in litigation proceedings?
  • Identifying controllers and processors
  • Joint controllers
  • The role of litigation parties
  • More...

Brexit: The UK's departure from the EU on exit day, ie Friday 31 January 2020, has implications for practitioners considering data protection and GDPR. For guidance, see: Brexit—implications for data protection.

This Practice Note focuses on the General Data Protection Regulation, Regulation (EU) 2016/679 (GDPR), the Data Protection Act 2018 (DPA 2018) and other data protection issues that should or may be considered in connection with dispute resolution proceedings. In the context of civil litigation in England and Wales, it provides UK focused guidance on the background to data protection and the GDPR; the scope and territorial reach of the GDPR; key definitions such as personal data, processing and identifying controllers and processors; and the role of litigation parties. It considers the data protection principles including the possible lawful grounds for processing such as consent, compliance with a legal obligation, legitimate interests, performance of a task carried out in the public interest and performance of a contract; fairness and transparency; data minimisation; storage limitation or data retention; integrity and confidentiality; accountability and governance, as well as exemptions to the GDPR in the UK. The Practice Note also takes into account Article 29 Working Party and ICO guidance and looks at data subjects’ rights, data mapping, data protection impact assessments (DPIAs), transfer of data outside the EEA, extra territorial reach and sanctions for breach of GDPR.

This

Related documents:

Popular documents