Expert e-wire
  Sign me up!  
  Have your say!  

Not logged in
  Log in now  

Join up!
Benefits for experts
Application form
Apply online

Benefits for lawyers

Did we help?
  Tell a friend   
  Contact us...   

Professional Indemnity Insurance for Expert Witnesses
Top quality
PI Insurance cover
at market-beating prices

Little Books
The Little Books
We have learnt the lessons from the mistakes of others, now you can learn them too!

Expert Witness
Year Book
The Expert Witness Year Book
Slip one in your bag, and you can be the expert with the facts at your fingertips!
  GDPR – Getting Started

Getting ready for GDPR

The General Data Protection Regulation (GDPR), which imposes new and stricter obligations on expert witnesses who handle personal data, comes into force in May 2018. What should an expert do to get ready?

The first step is to look at the Information Commissioner’s Office’s (ICO’s) 12 Steps guide, and then to move onto their GDPR Guide, which is well organised and easy to read.

What most expert witnesses will need to do is:

  • Conduct a data audit to determine what personal data (i.e. data covered by the GDPR) is held
  • Write a privacy notice that explains their data processing
  • Work out the legal basis for processing such data – for expert witnesses, that could be consent, but perhaps better is ‘legitimate interest’
  • Be clear about whether relying on the consent obtained by those who instruct the expert is sufficient, or whether the expert needs to obtain consent direct from the individual
  • Understand the rights individuals have to ‘their data’ (it’s covered in the ICO’s Guide) so as to know how to respond should someone make a ‘subject access request’.

In terms of data security, the GDPR imposes greater duties to prevent data breaches, and introduces potentially large fines. Expert witnesses should consider writing a data security policy setting out how they will ensure personal data is secure. Up to date computer security is obviously essential, as well as physical security for sensitive data. But experts should also think about how to protect such material when it needs to leave the office, either to travel to court or if it is backed up to ‘the cloud’. It’s quite clear that leaving paper files on trains, or unencrypted USB sticks lying around, will not be tolerated under the new regulations.



Issue 108
March 2018

GDPR – Getting Started
GDPR – Privacy Notice
GDPR – Consent or Legitimate Interest

Current issue
June 2018

Is your spare room filling up?
Document retention policy
What is a reasonable time for document retention?
Conference news
Not logged in -  Log in now