Guidance is now available for solicitors on how to respond to a data subject access request.

The Intellectual Property and Data Protection Law Committee has prepared notes and a checklist on how to deal with these cases.

The checklist details the steps which must be taken under GDPR rules:

• Has a person with appropriate seniority been appointed to drive GDPR compliance in the firm?
• Are staff generally aware of data protection rules?
• Are staff aware of the consequences of failure to apply data protection rules?
• Have staff completed basic data protection and basic information security training?
• Would your staff be able to recognise and respond to a subject access request?
• Would your staff be able to recognise and respond to a data security breach?
• Are new staff trained in data protection matters?

Transfers of data

Each firm should also consider and document other matters such as transfers of personal data outside the EEA, special categories of data, data relating to children or minors and processing which causes a security risk such as bank details of clients or counterparties. 

Solicitors can find information regarding their data protection obligations, including precedent documents, here.