Expert e-wire
  Sign me up!  
  Have your say!  

Not logged in
  Log in now  

Join up!
Benefits for experts
Application form
Apply online

Benefits for lawyers

Did we help?
  Feedback   
  Tell a friend   
  Contact us...   

Professional Indemnity Insurance for Expert Witnesses
Top quality
PI Insurance cover
at market-beating prices

Little Books
The Little Books
We have learnt the lessons from the mistakes of others, now you can learn them too!

Expert Witness
Year Book
The Expert Witness Year Book
Slip one in your bag, and you can be the expert with the facts at your fingertips!
  GDPR – Consent or Legitimate Interest

Making sure you have a proper basis for processing personal data

The requirement to have a lawful basis in order to process personal data is not new, but the GDPR places more emphasis on being accountable for and transparent about your lawful basis for data processing. The lawful bases are:

  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
  • Contract: the data processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
  • Legal obligation: the data processing is necessary for you to comply with the law (not including contractual obligations).
  • Vital interests: the data processing is necessary to protect someone’s life.
  • Public task: the data processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
  • Legitimate interests: the data processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

Many expert witnesses will think the first of these, consent, is the lawful basis for their processing of data. But, the use of Legitimate interests is often better in our view. The legitimate interests in question being that of the litigation in which the expert witness is instructed.

The GDPR makes it much harder to imply consent. The standard will now require some clear affirmative action (such as a written, electronic or oral statement) establishing a freely given, specific, informed and unambiguous indication of the individual’s agreement to their personal data being processed. The burden of showing that consent was validly obtained and freely given will fall on the data controller. For consent to be informed, the data subject should be aware of at least the data controller’s identity and the intended purposes of the processing.

The ICO’s thinking on this is still evolving, but we feel that it is part of the data processor’s task (the expert witness) to ensure that there is a valid consent obtained by the data controller (the instructing lawyer), and that this consent identifies any third parties (e.g. expert witnesses) to whom the data will be passed.

 

 

 
Issue 108
March 2018

GDPR – Getting Started
GDPR – Privacy Notice
GDPR – Consent or Legitimate Interest


Current issue
June 2018

Is your spare room filling up?
Document retention policy
What is a reasonable time for document retention?
Conference news
Not logged in -  Log in now