Trethowans’ data protection team is working on a series of data protection Q&A articles which will cover the main concepts of data protection law and issues of interest to businesses. Here you will find the articles published so far.
Our data protection specialists
Louise Thompson has many years of experience in supporting clients from a wide range of industries in relation to their commercial and technology contracts and also advises on data protection law with particular focus on the data protection aspects of commercial agreements.
Sarah Wheadon is a regulatory solicitor and experienced advocate who helps clients navigate the regulatory law that impacts on business life including data protection, health and safety, trading standards and environmental law compliance.
Data Protection Guide for Organisations
- What is data protection law, why do we have it and why do we have to comply with it?
- What is personal data?
- What is special category/ sensitive personal data?
- What is criminal offence personal data?
- What does “processing” of personal data mean?
- Does my organisation need a Data Protection Officer (DPO)?
- Does my organisation need to register with the ICO?
- Is my organisation a controller or a processor under data protection law?
- What does it mean if my organisation is a joint controller of personal data?
- Jargon explained: encryption, anonymisation and pseudonymisation
- For what purposes can my organisation collect, use and process personal data?
- On what basis can we process employee criminal conviction data?
- On what basis can we process special category personal data?
- What if we are processing personal data about children?
- What do we need to do a data protection impact assessment (DPIA)?
- What do we need to do a legitimate interests assessment (LIA)?
- What is a privacy notice and what should it include?
- Do we need to update our 2018 GDPR privacy notice?
- Should we have more than one privacy notice?
- What data protection considerations apply to our website?
- What are the Data Protection Principles and why do they matter?
- What rights does an individual have under data protection law?
- What is a subject access request (SAR)?
- How long do we have to respond to a SAR?
- Can we clarify a SAR?
- What steps must we take to respond to a SAR?
- Do we have to provide all information requested in a SAR?
- Recent case on SARs: issues for organisations to consider
- When can we refuse a SAR?
- Can we ignore a SAR?
- Subject access request Q&A
Subject Access Request (SAR) series
- What is a subject access request (SAR)?
- How long do we have to respond to a SAR?
- Can we clarify a SAR?
- What steps must we take to respond to a SAR?
- Do we have to provide all information requested in a SAR?
- Recent case on SARs: issues for organisations to consider
- When can we refuse a SAR?
- Can we ignore a SAR?
- Subject access request Q&A
Data Protection Quarterly News Roundups
