GDPR for transactional property lawyers
GDPR for transactional property lawyers

The following Property guidance note provides comprehensive and up to date legal information covering:

  • GDPR for transactional property lawyers
  • What is the GDPR and as a property lawyer why should I care about it?
  • Impact of Brexit on GDPR and data protection
  • Key transaction trigger summary table
  • Key definitions under the GDPR
  • What are the penalties for non-compliance?
  • Is the GDPR regime substantially different from data protection law before 25 May 2018?
  • Does the GDPR apply in all property transactions?
  • Territorial scope of the GDPR
  • When is my client a controller and when is it a processor?
  • more

What is the GDPR and as a property lawyer why should I care about it?

The processing of personal data in the UK is governed by the General Data Protection Regulation (EU) 2016/679 (the GDPR) and the Data Protection Act 2018 (DPA 2018). The GDPR became directly applicable and enforceable from 25 May 2018. As was the case under the pre—25 May 2018 data protection regime, it is not generally the role of a property lawyer to advise clients on the data protection obligations that apply to their business. Analysing the lawful basis on which clients process personal data merits specialist data protection advice. Property lawyers should, however, have an overview of the GDPR so they can recognise:

  1. where specific data protection drafting may be required in property transaction documents, and

  2. how a client’s obligations under the GDPR may impact on property transaction management

As highlighted in the Key transaction trigger summary table:

  1. although the GDPR generally includes the same concepts and considerations as under the previous data protection regime, there are some important changes. In particular, a significant increase in penalties for non-compliance may bring data protection obligations into sharper focus

  2. as was the case before the GDPR, in the absence of specific guidance from the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO), or The Law