Data Protection Policy

2.43 We are fully committed to compliance with the requirements of the General Data

Protection Regulations 2018. Any member of our staff with an enquiry about the

handling and processing of personal data should approach our Data Protection Officer

who is responsible for data protection in our firm.

2.44 IPS staff take the responsibility in processing clients’ data seriously by ensuring that

clients’ privacy and data is confidentially stored and secure.

We are committed to ensuring that clients’ data is processed for the purpose of advising and

representing them in their legal matters or to update them on the changes in the law.

2.45 We are committed to ensuring that clients know what information we will collect from

them when advising and representing them in their legal matters.

2.46 We are responsible for informing clients about why we collect their data and how we

will use their data for the purpose of advising and representing them in their legal matters.

2.47 We are aware that clients can withdraw their consent to us processing their data at any

given time. Data subjects can request their information at any given time.

IPS will process the subject access request within 21 days of receiving the request.

2.48 It is the responsibility of all Partners to ensure that:

  • the partnership is registered with the Information Commissioner’s Office for all necessary activities under the GDPR;
  • there is a process of continual review to determine whether any changes in thepartnership’s registration are required as a result of changes in the nature ofthe business.
  • the details of the firm as registered are kept up to date;
  • The notification to the Information Commissioner’s Office is renewedannually;
  • The partnership maintains and updates the public Data Protection Registerwhich will be reviewed regularly and at least on an annual basis;
  • The partnership maintains this policy.


2.49 The second aspect of compliance is the observance of the principles which underline

the GDPR, namely that all data which is covered by the Regulation (which includes

not only computer data, but also personal data held within a filing system) is:

  •  obtained with the consent of the data subject or their legal guardian;
  •  fairly and lawfully processed;
  •  processed for limited purposes;
  •  adequate, relevant and not excessive;
  •  accurate;
  •  not kept longer than necessary;
  •  processed in accordance with the data subject’s rights;
  •  stored securely;
  •  shared with recognised third parties i.e. the Home Office,
  • courts/Tribunals/Government Departments/ GPs/Doctors/Social workers;
  •  not transferred to countries without adequate protection;
  •  destroyed securely;

2.50 A further layer of compliance is that there are a number of codes of practice provided

under the GDPR, which the partnership will observe. These may be altered or added

to by the Information Commissioner, who is responsible for the administration of the

GDPR.

2.51 All members of staff are provided with training on GDPR and Data Protection

compliance on induction and as necessary from time to time. Additional training on

any changes to this policy and refresher training will be provided annually.

2.52 Each staff member is responsible for ensuring that no breaches of this policy result

from their actions. Failure to comply with this policy by any member of staff will

invoke our Disciplinary Procedure and may result in disciplinary proceedings.

PROCEDURE FOR REPORTING DATA PROTECTION BREACHES:

2.53 Each staff member is responsible for reporting any breaches, or suspected breach of this

policy to our Data Officer for investigation and appropriate action to fix the issue in a

timely manner and keep a record of the said breach.

Where the Data Officer is in breach or suspected breach of this policy, then our Managing

Partner will investigate the breach or suspected breach and take appropriate steps to

fix the breach in a timely manner and keep a report of the said breach.

2.54 Where any substantial breaches occur in the course of our business, our Data

Protection Officer has a duty to report to the breach to the Information Commissioner

in a timely manner and also keep a report of that breach.

2.55 Data Protection Officer shall undertake an annual review of this policy to verify it is in

effective in operation.

© IPS Legal LLP 2016