Practical aspects of the General Data Protection Regulation for insolvency professionals
Produced in partnership with Patrick Elliot of Cubism Law
Practical aspects of the General Data Protection Regulation for insolvency professionals

The following Restructuring & Insolvency guidance note Produced in partnership with Patrick Elliot of Cubism Law provides comprehensive and up to date legal information covering:

  • Practical aspects of the General Data Protection Regulation for insolvency professionals
  • What is the GDPR?
  • Key Terms under the GDPR
  • Applicable principles under the GDPR
  • Right to process
  • Data Controller or Data Processor?
  • Purposes for processing
  • Control of data
  • Compliance
  • Individuals’ rights
  • more

What is the GDPR?

The General Data Protection Regulation (GDPR), in force from 25 May 2018, replaces the Data Protection Act 1998 (DPA 1998) and, at least for the time being, will remain in force post-Brexit. The GDPR applies to the processing of personal data and its objective is to protect individuals in this regard while promoting the free movement of personal data.

Insolvency professionals process personal data as partners/employees/consultants of their respective organisations but also by virtue of their appointments as office-holders. They are subject to the requirements of the GDPR in both capacities.

In this note we provide a brief overview of the requirements of the GDPR as well as some practical considerations for insolvency professionals. Professionals include insolvency practitioners, legal advisers and other professional advisers (eg financial advisers).

Key Terms under the GDPR

Personal data means any information relating to an individual.

Special categories of personal data include racial or ethnic data, political opinions, religious beliefs, trade union membership and health and sexual information.

Controller means the legal entity which, alone or jointly with others, determines the purposes and means for processing.

Processor means a legal entity processing on behalf of a data controller.

For more information, see Practice Note: Key definitions under the GDPR.

Applicable principles under the GDPR

In order to process personal data a number of key