How can lawyers help with data protection law ?
An immense volume of personal data continues to proliferate and flow daily around the UK and between the UK and other countries. Typical examples of this include e-mail traffic and streams of personal data relating to employees. Some of this personal data needs to be accessible beyond UK borders.
Lawyers’ can not only draft policies and procedures, but also:
- Advise on best practice.
- Assist with good governance on information security regulations and reputation management.
- Updating employee handbooks and practices.
- Drafting employment and commercial contracts.
- Provide guidance to data controllers
- Deal with employment law related issues if and when problems arise
Retention and destruction of data – some legal requirements
The law concerning retention of personal data is both general and specific. If personal data is retained:
- The data controller is obliged to keep it accurate and up to date.
- It must be kept securely.
- It should be kept for no longer than is necessary.
There are also specific laws sometimes applicable. For example:
- The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 1995 (RIDOR) require records of injuries, diseases and dangerous occurrences to be kept for a minimum of three years from the date when the records were made.
- The Limitation Act 1980 sets down various timescales within which proceedings may be brought for breach of contract, negligence and personal injury. These time scales are likely to impact how long personal data is held for legal claim prosecution and defence purposes.