Data protection and information law

Data protection. Utter the words and the immediate response from many people will be “GDPR”.

The introduction of the General Data Protection Regulation, the Law Enforcement Directive and the Data Protection Act 2018 was a once-in-a-generation event. The old regime received a significant face-lift, with the repeal of the existing 1995 Directive and Data Protection Act 1998. Organisations of all shapes and sizes are affected by these changes in the law and would be well advised to take legal advice from expert solicitors who specialise in data protection and privacy matters.

We have advised clients across the public, private and third sectors on data protection, privacy and freedom of information matters for many years. Recently, a large focus of our work has been on supporting clients with their GDPR compliance programmes, including:

  • Preparing records of processing activities
  • Updating privacy notices, website terms, standard contracts, staff handbooks and internal policy documents
  • Drafting and negotiating amendments to existing contracts
  • Providing subject matter expertise on new technology solutions, e.g. enshrining privacy by design in software development projects
  • Developing internal processes for organisations (e.g. data breach processes, data protection impact assessment processes)
  • Advising on governance matters (e.g. the recruitment and role of data protection officers, aligning GDPR requirements to existing corporate structures)
  • Advising on international data transfer models, including advising on recent developments with the EU-US Privacy Shield
  • Providing training to employees on the GDPR.

Whilst there is so much focus on the GDPR, it is also important to remember that there are other data protection, privacy and information law matters to consider carefully as well. Case law in these areas is constantly changing the legal landscape, and as individuals become more closely acquainted with – and willing to enforce – their data rights, organisations need to ensure that their policies, processes and people are equipped to deal with issues as and when they arise. More broadly, developments in technology such as artificial intelligence, biometric solutions and complex big data sharing arrangements, particularly in the public sector, present novel questions for which bespoke legal solutions may be required.

We have a particular expertise in advising on the Law Enforcement Directive and Part 3 of the Data Protection Act. Often overlooked and left in the shadow of the GDPR, this legislation is fundamentally important to “competent authorities”, including central Government departments, police forces, regulators, other law enforcement agencies and authorities processing personal data for law enforcement purposes (including local authorities).

As a firm which has deep roots in the public sector, we also frequently advise on compliance with the Freedom of Information Act, the Environmental Information Regulations and similar legislation, and on responding to Parliamentary Questions. This ranges from advising on responses to requests for information, conducting audits of information which is potentially disclosable and advising on the applicability of statutory exemptions, to responding to Information Commissioner investigations/complaints handling and dealing with vexatious requests.

Recent work

  • advising the Financial Conduct Authority on its GDPR preparation and readiness project;
  • advising a group of nine police forces on the development of a new software product, providing subject matter expertise and enshrining privacy by design in the development cycle, to ensure that the product is GDPR compliant;
  • advising a Police and Crime Commissioner on the implementation of a new governance model with the local fire and rescue authority, including revising the Commissioner’s constitution and data protection policies and procedures to ensure compliance with the GDPR and the Law Enforcement Directive;
  • advising a County Council on a business-critical transfer of large volumes of sensitive personal data outside of the EEA, including drafting appropriate data processing terms and ensuring adequate safeguards were implemented to ensure the security and compliance of the arrangement;
  • advising a group of local authorities on responding to a series of Freedom of Information Act requests from the BBC, the Sunday Mirror, a claims management company and private individuals following a high-profile public law matter; and
  • advising an innovative technology company based in Israel on its GDPR compliance roadmap, in support of its bid to a major UK retailer.


What others say

“We noticed and appreciated your great attention to detail and relentless determination to always render sound legal advice and release high quality work products on time. We are extremely proud and grateful to have you as part of our team and look forward to your future contributions.”

“Over the past couple of years I have had the great pleasure of working with Gareth and his team on numerous complex…matters. [They have been] truly outstanding and professional. Another key ingredient in any relationship, is that Sharpe Pritchard have a wonderful work ethos and commitment towards their staff/external consultants – they do genuinely care/value and develop members of their team.”

“I would just like to place on record my thanks to both you [Gareth] and Charlotte for your support and guidance throughout the process which has resulted in good outcomes for the Council. The route has not been easy…and I thank you for seeing the process through to its pleasing conclusion.”


4 October 2019

The CJEU considers the territorial application for global search engines in relation to the right to be forgotten in Google Inc. v CNIL

28 May 2019

NIS Regulations – One Year On

10 April 2019

The Court of Appeal considers the application of liquidated damages following termination of an ICT contract in Triple Point Technology v PTT [2019] EWCA Civ 230

© Copyright 2019 Sharpe Pritchard