On 25th May 2018 the European Union’s General Data Protection Regulation (GDPR) EU/2016/ 679 comes into effect and replaces all existing UK and EU data protection law. The GDPR will be enforced in the UK by the Information Commissioner’s Office (ICO). It will continue in force after the UK leaves the EU.
The GDPR is concerned with the collection, processing and security of Personal Data and it gives individuals rights to know what data is held, how it is held, why it is held and to request that it be amended, transferred or destroyed or that the processing of it be restricted.
Personal Data is any information about you which used alone, or combined with other information, would enable someone to identify you. Special types of Personal Data require special treatment – these are called Special Category Data, and include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health and data concerning your sex life or sexual orientation.
VSH Law recognises its obligation to comply with GDPR and will ensure that Personal Data:-
- is processed fairly, lawfully and in a transparent manner
- is processed for specified purposes only
- is relevant to what it is needed for
- is accurate and kept up to date and is not kept longer than is needed
- is processed in accordance with the rights of individuals
- is kept securely.
VSH Law is registered with the ICO as the Data Controller under reference number Z4692590.
Why we need to process your Personal Data
VSH Law has to have a reason or reasons for processing your Personal Data – in GDPR this is called a Lawful Basis. VSH Law has identified its Lawful Bases as follows:-
VSH Law needs your Personal Data to enable us to carry out the work that we have agreed to do for you, the terms of which will be set out in our letter of engagement. Prior to the issue of the letter of engagement we will take some basic initial steps to set up our files, carry out ID checks etc and will use your Personal Data for these purpose.
Legitimate Interest Basis
There will be occasions on which we need Personal Data from someone with whom we do not have a contractual agreement (for example a beneficiary in an estate, or a third party providing funds for a house purchase) in which case we will be using that Personal Data on the basis that such processing is necessary for VSH Law’s legitimate interests or the legitimate interests of the client.
Legal Obligation Basis
We also need Personal Data to fulfil our statutory and regulatory requirements eg anti money laundering and terrorist funding legislation, compliance with Her Majesty’s Revenue & Customs or Her Majesty’s Land Registry.
If VSH Law has to process Special Category Data, then as well as satisfying one of the above, it will also ensure that data is only processed if:-
- You have given explicit consent or
- processing is necessary to protect the vital interests of the client or another person where consent cannot be given due to legal or physical incapacity.
If you choose not to provide Personal Data when requested to do so, we will have to consider whether we can act for you.
How we process your Personal Data
VSH Law will only process Personal Data, in accordance with applicable law, for the following purposes:
- responding to your queries, requests and other communications;
- providing you with legal advice and associated services;
- enabling us to fulfil our obligations to our client (if you are not our client)
- developing and improving our business;
- complying with applicable law, guidelines and regulations or in response to a lawful request from a court or regulatory body.
Your Personal Data is held in electronic form and hard copy.