Our experienced data protection and freedom of information solicitors provide support to social enterprises to ensure they comply with the relevant complex legislation.
If your social enterprise is storing, copying or transferring personal data or is dealing with requests for confidential information, our dedicated information-law team can support your organisation to ensure the correct measures are being taken for compliance with legislation.
One of the most important pieces of legislation when it comes to information law is The Data Protection Act 1998, which controls how personal information about individuals is used by organisations, businesses and the Government. Those responsible for using data are bound by the Data Protection Act to follow the data-protection principles, which have been put in place to ensure information is:
- Used fairly and lawfully and with a legal ground for processing.
- Used for limited, specifically stated purposes.
- Used in a way that is adequate, relevant and not excessive.
- Kept for no longer than is absolutely necessary.
- Handled according to people’s data-protection rights.
- Kept safe and secure.
- Not transferred outside the European Economic Area without adequate protection for the data protection rights of individuals.
In circumstances where the information being used is of a sensitive nature and refers to an individual's ethnic background, political opinions, religious beliefs, health, sexual health or criminal records, there is stronger legal protection.
The Freedom of Information Act provides public access to information held by public authorities. There are two ways in which it does this:
- Public authorities are obliged to publish certain information about their activities.
- Members of the public are entitled to request information from public authorities.
The Freedom of Information Act covers all recorded information that is held by a public authority, such as government departments, local authorities, the NHS, schools and police forces, in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland. Information held by Scottish public authorities is covered by Scotland’s own Freedom of Information (Scotland) Act 2002.
Our data protection and freedom-of-information service
We understand that our social-business clients often handle a variety of sensitive and confidential personal data. Our information-law team regularly works with social enterprises to provide effective solutions to data-protection issues such as requests for disclosures of personal data to third parties and complex subject-access requests under the Data Protection Act 1998.
We also work with social enterprises to assist with issues that can arise under the Freedom of Information Act 2000, particularly where clients enter into contracts with public-sector bodies. Our information-law team uses their sector knowledge and experience to deliver bespoke data protection and freedom of information training to our social-business clients.
Our experienced team uses their extensive sector and legal knowledge to advise social enterprises on all aspects of data protection and freedom of information, including:
- Advice on data security, data breaches and reputation management.
- Drafting of, and advice in relation to, policy documentation, privacy notices, data-processing contracts and data-sharing protocols.
- Advice in relation to requests for disclosure, subject access and applicable exemptions.
- Advice in relation to collection and handling of personal data and, particularly, sensitive personal data and the legal grounds for processing under the Data Protection Act.
- Advice on the direct marketing rules under the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
- Assisting with making Freedom of Information Act (FOIA) requests and advice in relation to the receipt of such requests, including applicable exemptions.
- Advice on privacy affecting technologies such as CCTV.
- Advice in relation to DBS checks and conviction information.
- Review of commercial contracts and advice in relation to Freedom of Information Act and Data Protection clauses, including implications for outsourcing, cloud computing and international data transfers.
Our latest articles
Although the Working Time Regulations (the Regulations) were implemented in the UK in 1998, there is still a significant amount of misunderstanding on what...
Yes, held the Employment Appeal Tribunal in the case of International Petroleum v Osipov and others UKEAT/0229/16 and UKEAT/0058/17, which upheld a finding that...
As most providers in the social care sector will be aware, the Government and HM Revenue and Customs (HMRC) have been reviewing and changing...
The ET Fees Refund Scheme has opened to everybody to apply for a refund if they paid fees in respect of a tribunal claim...
The Court of Appeal in Royal Mail v Jhuti  EWCA Civ 1632 recently overturned the decision of the Employment Appeal Tribunal (EAT) that...
No, holds the Employment Appeal Tribunal (EAT) in a recent case of NHS 24 v Pillar UKEATS/0005/16. The ETA has confirmed that the key...
To receive invitations to our events, as well as information and articles on legal issues and sector developments that are of interest to you, please sign up to Newsroom.