Data protection laws in the UK are primarily dealt with under the Data Protection Act 2018 and the version of the General Data Protection Regulations retained in UK law following the UK’s exit from the European Union. Knowing exactly what your business needs to do to ensure it is compliant with data protection laws can be daunting and having a dedicated legal team who can assist with any queries can be of vital importance.
Data Protection Regulations
Following the UK’s exit from the EU, there are potentially now two sets of data protection regulations that you will need to comply with in addition to complying with the Data Protection Act 2018. They are the EU GDPR and the version of the GDPR retained in UK law following its departure from the EU (often referred to as the UK GDPR). The UK GDPR is derived substantially from the EU GDPR and, in general, the terms and core concepts of the UK GDPR have the same meaning as they do in the EU GDPR. However, there are a number of key differences between the two regimes.
Obtaining proper, tailored advice on compliance with the Data Protection Act 2018 and both the UK GDPR and, where relevant, the EU GDPR is crucial for your business. Our specialist business law solicitors have a real understanding of the legislative framework around data protection and are able to advise businesses on compliance with the same. We will work closely with your business to understand the data you process and how it is processed (by you and by third parties) to provide specific, bespoke advice to your business on current compliance and on any future needs.
Whilst the EU GDPR applies to the European Economic Area (EEA), of which the UK is no longer part, the EU GDPR can also still apply to UK-based businesses where data of any resident of an EEA country is processed. If your business is based in the UK, we can advise you on whether your business is affected by the EU GDPR and, if so, the extent of your compliance obligations. We are also able to advise international businesses on compliance, both with UK data protection laws and with the EU GDPR.
The UK retained a version of the GDPR, or General Data Protection Regulations, when it left the EU and so all UK businesses will need to comply with that retained version of the GDPR (often called the UK GDPR). In addition, if you process the personal data of any EEA national, you will also need to comply with the EU GDPR.
There are seven principles of the GDPR and they are: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (i.e. security); and accountability.
‘Soft opt-in’ is a concept derived from the Privacy and Electronic Communications Regulations. It is where a business sends marketing messages to a customer using data gathered from that customer when they bought or expressed interest in the business’s products or services at an earlier date.
You can only use soft opt-in where you are offering goods or services to that customer which are similar to the goods or services previously bought by them or in which they previously expressed interest. Soft opt-in can only be used when you are selling something or negotiating to sell something and so soft opt-in cannot be used for campaigning or fundraising (for example, on behalf of a charity).
Tinsdills Solicitors – managing all aspects of Corporate Law across Staffordshire, Cheshire, Derbyshire and Shropshire.