Q&As

What are the risks of an organisation keeping an internal list of blacklisted companies and/or individuals with whom it does not wish to do business on the basis of information received from third parties or from its own research?

Published on LexisPSL on 15/02/2017

The following Information Law Q&A provides comprehensive and up to date legal information covering:

  • What are the risks of an organisation keeping an internal list of blacklisted companies and/or individuals with whom it does not wish to do business on the basis of information received from third parties or from its own research?
  • Data protection
  • Changes as a result of the General Data Protection Regulation
  • Defamation
  • ERA 1999 Blacklists Regulations
  • Competition law considerations

In answering this Q&A, we have limited our research to cover data protection, defamation, restrictive agreements in competition law and the Employment Relations Act 1999 (Blacklists) Regulations 2010, SI 2010/493. In conducting our research we have assumed that the organisation is not a public authority or otherwise subject to any public procurement regime.

Data protection

If the information within the list relates to a living individual, the Data Protection Act 1998 (the DPA 1998) may apply. The DPA 1998 governs the processing of personal data in the UK and obliges those handling such data to comply with eight data protection principles.

For more information, see Practice Note: Data protection—background and key definitions and in particular the sections on Data, Personal data, Processing and Relevant filing system.

If the DPA 1998 applies to the internal list, we refer you to the following Practice Notes:

  1. Data protection principles—which sets out the eight data protection principles with which any person or organisation that handles personal data must comply

  2. Rights of data subjects—which sets out the rights of an individual who is the subject of personal data

Changes as a result of the General Data Protection Regulation

The General Data Protection Regulation, Regulation (EU) 2016/679, (the GDPR) will be directly applicable and fully enforceable in all EU Member States from 25 May 2018 in place of the DPA 1998.

The GDPR will int
