
Data Protection

Our modern-day dependence on computers is such that almost all businesses come into daily contact with large amounts of personal information. The use of such personal information brings with it various legal responsibilities.

In the UK all organisations which handle personal information must comply with the Data Protection Act 1998. This Act creates a framework to ensure that organisations handle personal information properly by balancing the rights of individuals to personal privacy with the legitimate need for organisations to use personal information. It does so by imposing a number of obligations on organisations whilst at the same time giving individuals certain rights, such as the right to know what information is held about them.

All organisations which handle personal information are required to comply with the eight Data Protection Principles. They require that personal information must be:

  1. fairly and lawfully processed in accordance with certain conditions
  2. processed for limited purposes
  3. adequate, relevant and not excessive
  4. accurate and up to date
  5. not kept for longer than is necessary
  6. processed in line with individuals’ rights
  7. secure
  8. not transferred to countries outside the European Economic Area without adequate protection

Every organisation which handles personal information within the UK must also register with the Information Commissioner’s Office unless exempt from doing so. The Information Commissioner has responsibility for overseeing compliance with the Act and can take action against errant organisations.

Our data protection services

Our experienced Information Law team provides a range of practical and commercially oriented legal advice on data protection matters to keep you on the right side of the law. Our specialists have extensive experience of advising clients in both the public and private sectors on how to comply with UK data protection laws. Our range of data protection compliance services includes:

Compliance: providing general compliance advice. This includes advising on the requirements laid down by the Act and related legislation as well as the various Codes of Practice and Good Practice Notices issued by the Office of the Information Commissioner.

Notices and Policies: preparing data protection notices and policies, Internet privacy policies, e-mail and electronic communications policies and document retention policies.

Contracts: drafting appropriate data protection provisions for use in contracts and advising on the appointment of data processors.

Commercial: advising on the data protection aspects of corporate transactions, including joint ventures and the sale and purchase of businesses and assets.

Notification: advising on notification requirements, including preparing, reviewing and updating registrations.

Subject access requests: advising on the handling of subject access requests.

Complaint handling: assisting with the handling of complaints made by individuals.

Enforcement: advising on notices served and enforcement action taken by the Information Commissioner’s Office.

International transfers: advising on the transfer of personal data outside the European Economic Area.

Freedom of Information: advising on the interaction between the Data Protection Act 1998 and the UK’s freedom of information laws.

We also provide Data Protection Training and a Data Protection Audit Service.

Want to find out more?

For further information on our Data Protection Services please contact David Gourlay on 0131 272 8377 or dgourlay@mcclurenaismith.com or Euan Duncan on 0141 303 7814 or eduncan@mcclurenaismith.com.


© 2012 McClure Naismith LLP. All Rights Reserved.