Data Protection Policy
2.43 We are fully committed to compliance with the requirements of the General Data
Protection Regulations 2018. Any member of our staff with an enquiry about the
handling and processing of personal data should approach our Data Protection Officer
who is responsible for data protection in our firm.
2.44 IPS staff take the responsibility in processing clients’ data seriously by ensuring that
clients’ privacy and data is confidentially stored and secure.
We are committed to ensuring that clients’ data is processed for the purpose of advising and
representing them in their legal matters or to update them on the changes in the law.
2.45 We are committed to ensuring that clients know what information we will collect from
them when advising and representing them in their legal matters.
2.46 We are responsible for informing clients about why we collect their data and how we
will use their data for the purpose of advising and representing them in their legal matters.
2.47 We are aware that clients can withdraw their consent to us processing their data at any
given time. Data subjects can request their information at any given time.
IPS will process the subject access request within 21 days of receiving the request.
2.48 It is the responsibility of all Partners to ensure that:
2.49 The second aspect of compliance is the observance of the principles which underline
the GDPR, namely that all data which is covered by the Regulation (which includes
not only computer data, but also personal data held within a filing system) is:
2.50 A further layer of compliance is that there are a number of codes of practice provided
under the GDPR, which the partnership will observe. These may be altered or added
to by the Information Commissioner, who is responsible for the administration of the
2.51 All members of staff are provided with training on GDPR and Data Protection
compliance on induction and as necessary from time to time. Additional training on
any changes to this policy and refresher training will be provided annually.
2.52 Each staff member is responsible for ensuring that no breaches of this policy result
from their actions. Failure to comply with this policy by any member of staff will
invoke our Disciplinary Procedure and may result in disciplinary proceedings.
PROCEDURE FOR REPORTING DATA PROTECTION BREACHES:
2.53 Each staff member is responsible for reporting any breaches, or suspected breach of this
policy to our Data Officer for investigation and appropriate action to fix the issue in a
timely manner and keep a record of the said breach.
Where the Data Officer is in breach or suspected breach of this policy, then our Managing
Partner will investigate the breach or suspected breach and take appropriate steps to
fix the breach in a timely manner and keep a report of the said breach.
2.54 Where any substantial breaches occur in the course of our business, our Data
Protection Officer has a duty to report to the breach to the Information Commissioner
in a timely manner and also keep a report of that breach.
2.55 Data Protection Officer shall undertake an annual review of this policy to verify it is in
effective in operation.