"Everything at Advocates is done on a timed basis, so we need to conduct our research efficiently. We don't want to charge clients unnecessarily or write off our time. With Lexis products, we can get more research done each day"
Advocates
Access all documents on Personal data
Personal data means data relating to a living individual who can be identified from such data, either alone or with other information in the data controller鈥檚 possession. It includes opinions about, and intentions in relation to the data subject.
Personal data can thus include names, addresses, National Insurance numbers, CCTV images of individuals, car registration numbers and details of company directors (not of the companies themselves).
Speed up all aspects of your legal work with tools that help you to work faster and smarter. Win cases, close deals and grow your business鈥揳ll whilst saving time and reducing risk.
For our full legal glossary and more legal research sources, register for a free Lexis+ trial
MVNO agreement鈥攃hecklist This Checklist covers some of the main provisions to be included in a mobile virtual network operator (MVNO) agreement under which a mobile network operator supplier will provide wholesale access services to an MVNO for resale to its own retail customers. It covers some of the main provisions that are specific to an agreement of this kind. See also the Precedent: MVNO agreement. In this Checklist, the following definitions are used: 鈥 Agreement鈥攎eans the MVNO agreement between the MVNO and the Supplier for the provision of the Services 鈥 End-User鈥攎eans a customer of the MVNO 鈥 IPR鈥攎eans intellectual property rights 鈥 MVNO鈥攎eans mobile virtual network operator, the customer in the Agreement 鈥 Services鈥攎eans the wholesale network services being provided to the MVNO by the Supplier 鈥 Supplier鈥攎eans the mobile network operator providing network services to the MVNO The third column can be used to record observations or comments as the Checklist is worked through. Checklist Further information Notes (if any) General terms and conditions 鈽 Consider duration....
Commercial contract review and execution (business personnel)鈥攃hecklist This is a Checklist for in-house lawyers to provide to those of its employees (eg procurement or sales professionals) who are engaged in negotiating commercial contracts. It sets out the primary issues to consider when negotiating or reviewing a business-to-business commercial contract, and includes practical guidance. This Checklist may be suitable for use in low risk contracts where employees who are not legally qualified are authorised to conduct negotiations and contract review. It may be customised as required to work with a company playbook on contract negotiation and review, to include suggested fall-back drafting positions and escalation points for recourse to a legal team as appropriate. As it is intended to be used by non-legal professionals, it does not include links to further detailed legal commentary in each case. For a Checklist intended for use by legal professionals with links to further information, see: Commercial contract drafting and review鈥攃hecklist. In-house lawyers should check that business personnel engaged in negotiating and concluding commercial contracts...
Discover our 92 Checklists on Personal data
Standard contractual clauses and binding corporate rules鈥擡U methodology鈥攆lowchart This Flowchart reflects the methodology set out by the European Data Protection Board (EDPB) for determining whether you can make an international transfer of personal data on the basis of standard contractual clauses (SCCs) or binding corporate rules (BCRs). You can only rely on these transfer mechanisms where the protections, enforceable rights and legal remedies provided to individuals in the recipient country are essentially equivalent to those guaranteed under the General Data Protection Regulation (GDPR). The 鈥榚ssentially equivalent鈥 test was laid down in the case of Facebook Ireland and Schrems (Schrems II), which was decided under the EU GDPR. The Information Commissioner鈥檚 Office (ICO) has published Guidance on transfer risk assessments, which adopts the term 鈥榮ufficiently similar鈥 in relation to transfers under the UK GDPR and uses a different methodology. The ICO is happy for organisations exporting data from the UK to follow either methodology. This Flowchart reflects the EU methodology, as set out in: 鈥 EDPB Guidelines on...
Legitimate interests assessment flowchart The UK General Data Protection Regulation (UK GDPR) permits processing of personal data where that processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular, where the data subject is a child. There
Discover our 19 Flowcharts on Personal data
ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998 (DPA 1998). This Practice Note is for background information only and is not maintained.BackgroundThe DPA 1998 governs processing of personal data in the UK. It obliges processors of such data to comply with eight principles, and gives individuals a right to know what information is held about them. For further information on the principles, see Practice Note: Data protection principles under the DPA 1998.The Information Commissioner's Office (ICO) supervises and enforces the implementation of the DPA 1998. For more information, see Practice Notes: The Information Commissioner鈥檚 Office (ICO) and Sanctions and enforcement under the DPA 1998.Sections 1 and 2 of the DPA 1998 contain definitions for the key terms used throughout the act and within the Information Commissioner's codes of practice or other guidance. Key statutory definitions include:鈥ata鈥ersonal data鈥ensitive personal data鈥ata subject鈥ata controller鈥ata processor鈥rocessing鈥elevant filing systemChanges as a result of the General Data Protection...
ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998 (DPA 1998). This Practice Note is for background information only and is not maintained.Changes as a result of the General Data Protection RegulationThe General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) (applicable from 25 May 2018) introduces substantial amendments to EU and UK data protection law and replaces the DPA 1998 and Directive 95/46/EC (the Data Protection Directive) from that date.For further information, see Practice Notes: Introduction to the EU GDPR and UK GDPR and Rights of data subjects.A data subject is a living individual who is the subject of personal data, ie data from which he can be identified. For key definitions under the DPA 1998, see Practice Note: Key definitions under the DPA 1998. For a comprehensive introduction to the GDPR, collating key practical guidance, see: Data protection toolkit.Right of access to personal dataAn individual has a right to be informed...
Discover our 1011 Practice Notes on Personal data
Data protection complaint鈥攑rogress update letter [Insert complainant鈥檚 name] [Insert complainant鈥檚 contact address] Our ref: [insert complaint reference number] Dear [insert complainant鈥檚 name] Your complaint I am continuing to investigate your complaint, which I received on [insert date complaint received]. So far, I have taken the following steps: 鈥 confirmed and verified your identity, to make sure we are dealing with the right person and we are keeping your personal data secure 鈥 [insert step you have taken, eg determined the date on which you first notified us that you objected to your personal data being processed for direct marketing purposes鈥攁ccording to our records, this was [insert
Music publishing agreement鈥攑ro-publisher This Agreement is made on [date] Parties 1 [Insert name of Publisher] a company incorporated in [England] with registered number [company number], whose registered office is at [address] (Publisher); and 2 [Insert name of Writer] of [insert address] (Writer). Background (A) The Writer is a composer of musical works and/or an author of lyrics of literary works; (B) The Publisher is engaged in the business of music publishing throughout the Territory and has, inter alia, facilities for the administration and exploitation of musical works; and (C) The Publisher wishes to acquire and the Writer wishes to grant to the Publisher the exclusive right to the Writer鈥檚 share of the Compositions, subject to the terms of this Agreement. It is agreed as follows: 1 Definitions and Interpretation 1.1 In this Agreement: Accounting Period 鈥 means each six monthly period ending on 30 June and 31 December; Advance 鈥 means all monies paid to the Writer by the Publisher other than royalties. Such...
Dive into our 454 Precedents related to Personal data
Can an insurer refuse to provide internal correspondence and case notes relating to an insurance claim where a subject access request (SAR) is made under the UK GDPR for such information? This Q&A assumes that the organisation that has received the SAR is a 鈥榗ontroller鈥 of the relevant data. For an introduction to the United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR) regime, including key data protection terms and concepts, such as 鈥榩ersonal data鈥, 'processing', 'data subject' and 鈥榗ontroller鈥, see: Data protection toolkit. As further explained in Practice Notes: The UK GDPR and DPA 2018 for insurers and Data subject rights鈥攁ccess, Article 15 of the UK GDPR gives individuals a right to obtain confirmation from a data controller as to whether or not personal data concerning them is being processed, and where it is, access to the personal data and certain further information. A request for such information is commonly known as a 鈥榮ubject access request鈥 (or a 'SAR' or 'DSAR'). In order to assist...
Do I have to notify clients of a data breach under the SRA Codes of Conduct even where there is no requirement to notify the client of the breach under the UK GDPR? We are not aware of any specific guidance on this point. However, SRA requirements would apply alongside the UK GDPR and may be applicable even where there is no obligation to take action under UK GDPR. The SRA enforcement strategy points out that information security is of high importance to the public. In the context of parallel actions with other regulators, the SRA gives the example of a data breach, saying that while enforcement of data protection legislation is a matter for the Information Commissioner's Office (ICO), if a data protection breach also involves the disclosure of confidential client information, the SRA would investigate that as a regulatory offence. For more information on the position under UK GDPR, see the Practice Compliance subtopic: Data breaches鈥攃ompliance鈥攐verview, and in particular Practice Note: How to manage a personal data breach....
See the 378 Q&As about Personal data
This week's edition of Practice Compliance weekly highlights includes: a News Analysis on EU AML enforcement, a Spotlight on Corruption report on ongoing deficiencies in legal sector AML compliance, an update on the UK Data (Use and Access) Bill, updated EC model clauses for AI procurement, details of a pilot for a new Cyber Governance Code of Practice, and an LSB consultation on strengthening lawyers鈥 ethical standards regulation.
This week's edition of Risk & Compliance weekly highlights includes: an update on the UK Data (Use and Access) Bill, updated EC model clauses for AI procurement, a News Analysis on EU AML enforcement, a Spotlight on Corruption report on ongoing deficiencies in legal sector AML compliance, details of a pilot for a new Cyber Governance Code of Practice, and an LSB consultation on strengthening lawyers鈥 ethical standards regulation.
Read the latest 4491 News articles on Personal data
**Trials are provided to all 老司机午夜福利 content, excluding Practice Compliance, Practice Management and Risk and Compliance, subscription packages are tailored to your specific needs. To discuss trialling these 老司机午夜福利 services please email customer service via our online form. Free trials are only available to individuals based in the UK, Ireland and selected UK overseas territories and Caribbean countries. We may terminate this trial at any time or decide not to give a trial, for any reason. Trial includes one question to LexisAsk during the length of the trial.
0330 161 1234