The GDPR and DPA 2018 have already been in force for nearly four months. Here we talk through some of the key learnings since May.
Our specialist data protection and freedom of information solicitors support health and social care providers to ensure they comply with the complex legislation.
Whether your organisation is storing, copying, transferring personal data or is faced with requests for confidential information, our experienced team can support you to ensure the correct compliance measures are being taken.
The Data Protection Act 1998
The Data Protection Act 1998 controls how personal information about individuals is used by organisations, businesses and the Government. Those responsible for using data are bound by the Data Protection Act to follow the data protection principles, which have been put in place to ensure information is:
- Used fairly and lawfully and with a legal ground for processing.
- Used for limited, specifically stated purposes.
- Used in a way that is adequate, relevant and not excessive.
- Kept for no longer than is absolutely necessary.
- Handled according to people’s data-protection rights.
- Kept safe and secure.
- Not transferred outside the European Economic Area without adequate protection for the data-protection rights of individuals.
Where the data refers to sensitive information, such as ethnic background, political opinions, religious beliefs, health, sexual health and criminal records, there is stronger legal protection.
The Freedom of Information Act 2000
The Freedom of Information Act 2000 provides public access to information held by public authorities. There are two ways in which it does this:
- Public authorities are obliged to publish certain information about their activities.
- Members of the public are entitled to request information from public authorities.
The Freedom of Information Act covers all recorded information that is held by a public authority, such as government departments, local authorities, the NHS, schools and police forces, in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland. Information held by Scottish public authorities is covered by Scotland’s own Freedom of Information (Scotland) Act 2002.
Our data protection and freedom of information service
At Anthony Collins Solicitors, we work in partnership with you to provide clear, practical advice on all aspects of information law. We work closely with you to help you provide effective and pragmatic solutions to data-protection issues, such as disclosures of personal data to third parties and complex subject access requests under the Data Protection Act 1998. We assist with issues that can arise under the Freedom of Information Act 2000 when charities enter into contracts with public-sector bodies.
We also work with you, as a health and social care provider, to provide training on data protection and freedom of information which is tailored to the requirements of your organisation and is focused on the issues that are likely to arise within the health and social care sector in which you operate.
Our experienced team use their extensive sector and legal knowledge to ensure your organisation operates in accordance with the law relating to data protection and freedom of information, including:
- Advice on data security, data breaches and reputation management.
- Drafting of, and advice in relation to, policy documentation, privacy notices, data-processing contracts and data-sharing protocols.
- Advice in relation to requests for disclosure, subject access and applicable exemptions.
- Advice in relation to collection and handling of personal data and, particularly, sensitive personal data and the legal grounds for processing under the Data Protection Act.
- Advice on the direct-marketing rules under the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
- Assisting with making Freedom of Information Act requests and advice in relation to the receipt of such requests, including applicable exemptions.
- Advice on privacy-affecting technologies such as CCTV.
- Advice in relation to DBS checks and conviction information.
- Review of commercial contracts and advice in relation to Freedom of Information Act and data protection clauses, including implications for outsourcing, cloud computing and international data transfer.
In what has been a veritable deluge of data protection-related developments, we now have in our midst a brand-new, homegrown iteration of data protection legislation: the Data Protection Act 2018.
We are now only a few weeks away from the biggest change to data protection laws in over 20 years. Are you compliant?