Our experienced data protection and freedom of information solicitors provide support to social enterprises to ensure they comply with the relevant complex legislation.
If your social enterprise is storing, copying or transferring personal data or is dealing with requests for confidential information, our dedicated information-law team can support your organisation to ensure the correct measures are being taken for compliance with legislation.
One of the most important pieces of legislation when it comes to information law is The Data Protection Act 1998, which controls how personal information about individuals is used by organisations, businesses and the Government. Those responsible for using data are bound by the Data Protection Act to follow the data-protection principles, which have been put in place to ensure information is:
- Used fairly and lawfully and with a legal ground for processing.
- Used for limited, specifically stated purposes.
- Used in a way that is adequate, relevant and not excessive.
- Kept for no longer than is absolutely necessary.
- Handled according to people’s data-protection rights.
- Kept safe and secure.
- Not transferred outside the European Economic Area without adequate protection for the data protection rights of individuals.
In circumstances where the information being used is of a sensitive nature and refers to an individual's ethnic background, political opinions, religious beliefs, health, sexual health or criminal records, there is stronger legal protection.
The Freedom of Information Act provides public access to information held by public authorities. There are two ways in which it does this:
- Public authorities are obliged to publish certain information about their activities.
- Members of the public are entitled to request information from public authorities.
The Freedom of Information Act covers all recorded information that is held by a public authority, such as government departments, local authorities, the NHS, schools and police forces, in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland. Information held by Scottish public authorities is covered by Scotland’s own Freedom of Information (Scotland) Act 2002.
Our data protection and freedom-of-information service
We understand that our social-business clients often handle a variety of sensitive and confidential personal data. Our information-law team regularly works with social enterprises to provide effective solutions to data-protection issues such as requests for disclosures of personal data to third parties and complex subject-access requests under the Data Protection Act 1998.
We also work with social enterprises to assist with issues that can arise under the Freedom of Information Act 2000, particularly where clients enter into contracts with public-sector bodies. Our information-law team uses their sector knowledge and experience to deliver bespoke data protection and freedom of information training to our social-business clients.
Our experienced team uses their extensive sector and legal knowledge to advise social enterprises on all aspects of data protection and freedom of information, including:
- Advice on data security, data breaches and reputation management.
- Drafting of, and advice in relation to, policy documentation, privacy notices, data-processing contracts and data-sharing protocols.
- Advice in relation to requests for disclosure, subject access and applicable exemptions.
- Advice in relation to collection and handling of personal data and, particularly, sensitive personal data and the legal grounds for processing under the Data Protection Act.
- Advice on the direct marketing rules under the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
- Assisting with making Freedom of Information Act (FOIA) requests and advice in relation to the receipt of such requests, including applicable exemptions.
- Advice on privacy affecting technologies such as CCTV.
- Advice in relation to DBS checks and conviction information.
- Review of commercial contracts and advice in relation to Freedom of Information Act and Data Protection clauses, including implications for outsourcing, cloud computing and international data transfers.
Our latest articles
The recent ransomware attack, affecting the NHS and other corporate organisations across the globe, is a salutary lesson to all of us, individuals, businesses...
The General Data Protection Regulations (GDPR) will come into force on 25 May 2018 and bring changes to the rules governing data protection and...
Katie Hopkins, the controversial columnist and former Apprentice candidate, has been ordered to pay £24,000 in damages to food writer, Jack Monroe, following two...
Welcome to this quarter's company secretary update, where we explore the key developments and highlights for company secretaries.
We are proud to announce the release of our 2016 Annual Report.
ICO Publishes Guidance on preparing for the new EU General Data Protection Regulation (GDPR) and launches new dedicated GDPR website.
To receive invitations to our events, as well as information and articles on legal issues and sector developments that are of interest to you, please sign up to Newsroom.