The following Risk & Compliance guidance note provides comprehensive and up-to-date legal information covering:
Brexit: As of exit day (31 January 2020), the UK is no longer an EU Member State, but it has entered an implementation period during which it continues to be treated by the EU as a Member State for many purposes. The UK must continue to adhere to its obligations under EU law, including in relation to data protection, and the ICO has confirmed the GDPR will continue to apply during the implementation period. For more information, see: Practice Note: Brexit—implications for data protection.
An organisation cannot simply process personal data because it wishes to do so. It can only process personal data if it satisfies one of the conditions set out in Article 6(1) of Regulation 2016/679, General Data Protection Regulation. These are commonly known as the ‘lawful grounds’, ‘legitimate grounds’ or ‘conditions’ for processing.
If your organisation processes personal data in the absence of a lawful ground, it will breach the GDPR. Failing to comply with the GDPR can expose an organisation to serious reputational damage, claims by aggrieved data subjects and fines up to €20m or up to 4% of the total worldwide annual turnover.
Under the GDPR, there are six potentially lawful grounds for processing personal data:
the data subject has given consent to the processing of their personal