Legal professional privilege and the Data Protection Act 2018

A finger print being taken

GDPR, the mammoth new data protection regulation, came into force across the EU in May this year. Alongside it, the Data Protection Act 2018 was passed by the UK Parliament, replacing the DPA 1998 and giving the UK a single source of data protection legislation.

Designed to be read alongside GDPR, the DPA added to the bits of law that GDPR does not cover and expanded on the areas the UK chose to opt-out from or amend. One of these key areas is legal professional privilege. Legal professional privilege is a fundamental human right which allows clients to have open conversations with their lawyers in order to allow lawyers to provide their clients with the best service.

While the GDPR does not include any provisions for legal professional privilege, the DPA 2018 clearly stipulates that the provisions of the act do not apply to personal data that consists of information in respect of which a claim to legal professional privilege could be maintained. This could refer to legal professional privilege in legal proceedings or information in respect of which a duty of confidentiality is owed by a professional legal advisor to a client of the advisor.

Due to these changes, and what they mean for GDPR rights such as subject access requests, VinciWorks has produced a comprehensive guide to the DPA and legal professional privilege, in addition to our in-depth webinar on the Data Protection Act 2018.

Download guide

What does the guide cover?

VinciWorks Guide to the DPA and Legal Professional Privilege covers the following:

    • What is the DPA 2018?

 

    • Which gaps does the DPA 2018 fill which are missing from GDPR

 

    • Does GDPR or the DPA take precedence?

 

    • What is legal professional privilege?

 

    • How is legal professional privilege affected by the DPA 2018?

 

    • How should a law firm respond if they believe they hold information which is covered under the legal professional privilege exemption?

 

    • What law firm procedures need to be in place?

 

  • Checklist for legal professional privilege and the DPA 2018

Can I share this guide?

You can share this guide with anyone in your firm whom you think could benefit.

What should I do if I need to know more?

VinciWorks has a suite of training courses, policy templates and guides on everything related to GDPR and the Data Protection Pack. You can instantly access our free GDPR resources by visiting VinciWorks’ GDPR resource page.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.