Expert e-wire
  Sign me up!  
  Have your say!  

Not logged in
  Log in now  

Join up!
Benefits for experts
Application form
Apply online

Benefits for lawyers

Did we help?
  Feedback   
  Tell a friend   
  Contact us...   

Professional Indemnity Insurance for Expert Witnesses
Top quality
PI Insurance cover
at market-beating prices

Little Books
The Little Books
We have learnt the lessons from the mistakes of others, now you can learn them too!

Expert Witness
Year Book
The Expert Witness Year Book
Slip one in your bag, and you can be the expert with the facts at your fingertips!
  GDPR – Consent

Making sure you have a proper basis for processing personal data

The requirement to have a lawful basis in order to process personal data is not new, but the GDPR places more emphasis on being accountable for and transparent about your lawful basis for data processing. The lawful bases are:

  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  • Contract: the data processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
  • Legal obligation: the data processing is necessary for you to comply with the law (not including contractual obligations).
  • Vital interests: the data processing is necessary to protect someone’s life.
  • Public task: the data processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the data processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

For most expert witnesses, it will be the first of these, consent, that is the lawful basis for processing data.

The GDPR makes it much harder to imply consent. The standard will now require some clear affirmative action (such as a written, electronic or oral statement) establishing a freely given, specific, informed and unambiguous indication of the individual’s agreement to their personal data being processed. The burden of showing that consent was validly obtained and freely given will fall on the data controller. For consent to be informed, the data subject should be aware of at least the data controller’s identity and the intended purposes of the processing.

The ICO’s thinking on this is still evolving, but we feel that it is part of the data processor’s task (the expert witness) to ensure that there is a valid consent obtained by the data controller (the instructing lawyer), and that this consent identifies any third parties (e.g. expert witnesses) to whom the data will be passed.

Valued this article? or

 

 

 
Current issue
March 2018

GDPR – Getting Started
GDPR – Privacy Notice
GDPR – Consent
Conference news
Not logged in -  Log in now