UK GDPR Good Practice Workshop

Date: Saturday 6th November, 2021 - Venue: , video-link

UK General Data Protection Regulation


“The crucial, crucial change [GDPR] brought was around accountability. Accountability encapsulates everything the GDPR is about,” says UK Information Commissioner Elizabeth Denham (April 2019).

Articles 25(1) and 25(2) of the UK GDPR outline your obligations concerning ‘data protection by design and by default’. This requirement ensures that the seven data protection principles are implemented, and that individuals’ rights are always safeguarded.

This ABI workshop focuses on the key issues in the investigation and litigation support service sector and explains, demonstrates and puts into practice the requirements in the following UK GDPR topics:

1. The 7 data protection principles.

2. The ambiguity that exists in the sector as to whether a service provider is controller or processor.

3. How and why any processing of personal data in the sector should first start with a data protection impact assessment.

4. The legitimate interest assessment.

Data protection by default is simple when the seven data protection principles are embedded in every one of an investigative organisation’s processes.  Data protection by default means that the individual’s rights are safeguarded from the very beginning of a process, before any additional measures are implemented.

There is no shortage of advice on UK GDPR some of it good, some not so good and some very confusing.

In preparation for the 5-hour workshop delegates will be provided with reading material and documents, articles, templates and policies to help them engage in the small group workshop and gain a better understanding how they may meet their clients' expectations while remaining compliant.

What an investigator or litigation support service provider will gain from attending the workshop:

  • To improve the practice in investigative and litigation support services where some operators incorrectly process data as a processor not taking on controller obligations.
  • Ensuring the recording of a data protection impact assessment for the classes of processing carried out in the sector.
  • Establishing the lawful basis under Article 6 of the UK GDPR for processing personal data that is fair, transparent, necessary, justified, and proportionate.
  • Applying the legitimate interest 3-part test.

Those issuing instructions to investigators and litigation support service providers, such as lawyers, insurers, the financial services, commerce, private clients, and other sectors, will wish their chosen contractor to demonstrate they have taken safeguards and protect them against poor practice when those instructions involve the processing of personal data, as invariably they do.