BarTalk, the Bar’s fortnightly newsletter, has published a special issue on the General Data Protection Regulation (GDPR) and how it will affect barristers.
The GDPR, due to take effect on 25 May in the UK, introduces more stringent safeguards on the use of personal data across EU Member States. The Data Protection Bill will implement GDPR provisions into UK law—the Bar Council is hoping its concerns over legal professional privilege and immigration law will be tabled as amendments at Report Stage.
The newsletter highlights various key issues, for example, that self-employed barristers are ‘data controllers’ not ‘data processors’, with some exceptions, and so should not enter into a data processing contract with solicitors’ firms. A data processing contract may conflict with a barrister’s code of conduct obligations and their duty to the court.
It also contains links to the IT Panel’s chapter-by-chapter blog on what barristers and chambers need to do to prepare for the GDPR, and links to other useful sources of information such as its GDPR Toolkit.
Melanie Mylvaganam, Bar Council Policy Analyst: Legal Affairs, Practice & Ethics, said: ‘The Bar Council has been working tirelessly to prepare the profession through its advice documents, blogs and articles, practical resources and training seminars.
‘Protecting your client’s personal data is a legal obligation as well as an ethical one.’
Jacqueline Reid, 11 South Square, Chair of the Bar’s IT Panel, said: ‘The GDPR requires a far greater focus on the minimisation of the data we keep.
‘Ask yourself why you are keeping it and whether you could justify that decision to your clients, the Bar Standards Board and the Information Commissioner’s Office if there was an unauthorised disclosure. Set up your systems to make it easier to know when to delete it and then actually delete it.’
