Until now, the general approach has been that a company cannot claim privilege against its own...
The EU’s general data protection regulation (GDPR) came into force in May 2018, replacing all data protection legislation in EU member states.
The legislation applies to the “processing” of “personal data”, both terms being very widely defined. This means that practically any business operating in the UK which holds information about individuals (whether employees, customers or anyone else) is affected. Since breaches of Data Protection laws can result in criminal as well as civil liability (not to mention adverse publicity), you cannot afford to ignore your Data Protection obligations.
The Data Controller is defined as the person who determines the purposes for which and the manner in which any personal data is processed. In contrast, a Data Processor processes personal data only on behalf of a Data Controller. Where, for example, payroll administration is outsourced to a third party, that third party will usually be a Data Processor.
We not only advise our clients as Data Controllers and Data Processors but also prepare appropriate Privacy Policies and advise on the content of clients’ Websites to ensure that any information collected and stored, whether via the Web or otherwise, is stored in compliance with legislation.
We also advise on the extent to which personal data may be used for marketing purposes.