Trethowans’ data protection team is working on a series of data protection Q&A articles which will cover the main concepts of data protection law and issues of interest to businesses. Here you will find the articles published so far.
Our data protection specialists
Louise Thompson has many years of experience in supporting clients from a wide range of industries in relation to their commercial and technology contracts and also advises on data protection law with particular focus on the data protection aspects of commercial agreements.
Sarah Wheadon is a regulatory solicitor and experienced advocate who helps clients navigate the regulatory law that impacts on business life including data protection, health and safety, trading standards and environmental law compliance.
Data Protection Guide for Organisations
- What is data protection law, why do we have it and why do we have to comply with it?
- What is personal data?
- What is special category / sensitive personal data?
- What is criminal offence personal data?
- What does “processing” of personal data mean?
- Does my organisation need a Data Protection Officer (DPO)?
- Does my organisation need to register with the ICO?
- Is my organisation a controller or a processor under data protection law and why is it important to know?
- What does it mean if my organisation is a joint controller of personal data with another organisation?
- Jargon explained: What do encryption, anonymisation and pseudonymisation mean in data protection law?
- For what purposes can my organisation collect, use and process personal data?
- On what basis can my organisation process personal data about an employee’s criminal convictions?
- On what basis can my organisation process special category personal data?
- Are there any additional considerations if my organisation is processing personal data about children?
- When does my organisation need to do a data protection impact assessment (DPIA)?
- When does my organisation need to do a legitimate interests assessment (LIA)?
- What is a privacy notice, why does my organisation need one and what information do we need to include?
- Our organisation has a privacy notice which was produced when the GDPR came into force in 2018. Do we need to update it?
- My organisation has a customer privacy notice, but should we have other notices as well?
- What data protection considerations do I need to be aware of for my organisation’s website?
- What are the Data Protection Principles and why are they important?
- What data protection rights does an individual have?
- What is a subject access request?
- How long does my organisation have to respond to a subject access request (SAR)?
Quarterly News Roundups
- Data Protection Quarterly News Roundup (October to December 2022)
- Data Protection Quarterly News Roundup (January to March 2023)
- Data Protection Quarterly News Roundup (April to June 2023)
- Data Protection Quarterly News Roundup (July to September 2023)
- Data Protection Quarterly News Roundup (October to December 2023)
- Data Protection Quarterly News Roundup (January to March 2024)
- Data Protection Quarterly News Roundup (April to June 2024)
News and other data protection articles
- AI and Chat GPT
- Adequacy decision and reprimands
- Meta’s EU – US personal data transfers deemed unlawful
- GDPR turns 5: should you be reviewing your data protection documents and policies?
- Charities and Data Protection
- Data protection law – mistakes and misconceptions
- Data protection reform is coming (we think!)
- Alert: Interesting new DSAR case