We have submitted our response to the White Paper Consultation based on the discussion held at the “Planning for the Future - what does this mean for affordable housing” webinar we held on Fri 9 Oct
The General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018) have already been in force for nearly four months (clearly time flies when you are having fun!). As the dust begins to settle on these new pieces of legislation, here are some key messages that we have taken from our work with our clients so far.
Don’t bury your head in the sand
Dealing with data protection issues that arise in your organisation can be stressful and, let’s be honest, quite scary, especially when the issue is particularly complex or involves sensitive information. Equally, complying with lots of tricky rules and regulations can be seen as time-consuming, unimportant and dull! Consequently, it’s sometimes easier to sweep your data protection tasks under the carpet and hope they go away (or at least hope they remain very quiet).
You won’t be surprised to hear us say that this isn’t the way to deal with things.
Data protection is, first and foremost, about people
If and when you feel this way about a piece of data protection work, remind yourself that these pieces of legislation are actually about people. At their heart isn’t data; rather it’s your clients, customers, students, colleagues, contractors etc. (the list goes on and on). They exist to protect our rights over our personal information, including how that information is gathered, processed and stored. Somewhere, at any moment in time, your personal information is being protected by the principles of the GDPR. However, the GDPR’s ability to look after our personal information is reliant on those of us who manage data and data protection compliance acting pro-actively. This is illustrated very nicely by the (rather extreme) Cambridge Analytica scandal in which it now seems that the individuals involved in the breach either had no idea or cared very little about the data protection laws that applied to their activities. In other words, they weren’t being pro-active and were purposefully burying their heads in the sand, which brings us on nicely to our next point.
There have been loads of myths published about the GDPR that are unhelpful and very often untrue. These have fuelled the panic around the legislation and have unfairly given our four-lettered friend a bad name that we are committed to putting right!
For example, one of our multinational clients was concerned they had to report every data breach to the ICO. Due to their size, this would have meant devoting a huge amount of money and resource to this task (they would have had to have employed people full-time just to deal with breach notification). In fact, although you should record each data breach internally, breaches do not always need to be reported to the Information Commissioner’s Office (ICO). For more guidance on data-breach reporting, including when you are obliged to report, see the ICO webinar. Another common myth that we have to dispel ever more frequently relates to the ‘right to erasure’ (unfortunately this has nothing to do with the 80’s synthpop duo) or ‘right to be forgotten’ as its more commonly called. It seems that many of our clients have been led to believe that this is a blanket right. However, it isn’t an absolute right and only applies in certain circumstances. For more guidance on when it does and doesn’t apply, see the following ICO guidance.
We’ve also found that there is some confusion over the relationship between our beloved GDPR and the DPA 2018. Although there are some conflicts between the two pieces of legislation, one does not trump the other, and the DPA 2018 definitely does not ‘replace’ the GDPR. Rather, think of them as a Rodney and Del Boy-esque double act (there will be some bickering and fallout but, ultimately, they are better off together). Because the DPA 2018 has been drafted to work in tandem with the GDPR, they are to be read together and applied as a holistic data protection regime. For further guidance on this dynamic duo see Eeshma Qazi’s ebriefing.
If you do find yourself in a data-protection pickle, or if you’re just not sure about something, it is always best to tackle the issue head-on. The longer you leave it, the more you will risk non-compliance, which could result in a hefty fine. If you sweep it under the carpet or leave it lying around in a steel reinforced box it will only get louder and, eventually, the ICO might hear!
Remember that there is no need to panic. Help and support are at hand. A useful starting point is the ICO website. It contains a wealth of guidance, (and is being updated all the time) which will help you deal with lots of compliance questions. It is even producing podcasts and webinars on topical GDPR subjects.
If that doesn’t help, speak to your Data Protection Officer (if you have one) and don’t be scared to talk to the ICO (it has a helpline you can call). You can also get in touch with a member of our data-protection-loving team, who will be happy to help. Please contact Peter Coe, Eeshma Qazi or Clare Paterson.
Anthony Collins Solicitors is pleased to have been ranked as a Band 1 firm once again.
Since March 2020, commercial property owners and occupiers across many sectors, whether housing associations, charities, care providers or local authorities, have been impacted by the rules regulating how they deal with their tenants and their landlords. It seems each week there is a change in policy, regulation or legislation, governing how they must respond.
A key element of the Bill is the establishment of a duty holder regime and requirement to maintain the ‘golden thread of information’ throughout the life cycle of high-risk residential buildings
We have been working with care homes to update their contracts and advise on the risks of charging the resident a regular “top-up” or additional fee where a resident is funded through NHS CHC
The parliamentary processes are complete and the Restriction of Public Exit Payments Regulations 2020 (“the Regulations”) which cap exit payments in the public sector at £95,000 will be in force from 4 November.
As the UK’s social housing sector recovers from the initial Covid-19 outbreak and lockdown, now is the time to focus on the challenges that may emerge next.
There is no universal approach to regenerating town centres. However, housing must be considered a key part of any regeneration project – providing well-needed new homes and economic growth.
Friday 16 October marks the 6th annual Wear Red Day in England, Wales and Scotland. Wear Red Day is the brainchild of the charity; Show Racism the Red Card (SRTRC). SRTRC aims to educate young people so they are equipped to recognise and challenge stereotypes, misconceptions and negative attitudes towards race.
Alongside the Building Safety Bill published in July 2020, the Fire Safety Bill is a key step in the Government’s strategy to improve building and fire safety in the wake of the Grenfell Tower tragedy
To receive invitations to our events, as well as information and articles on legal issues and sector developments that are of interest to you, please sign up to Newsroom.