MPR Solicitors LLP (‘ the Firm’) is fully committed to compliance with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation 2018. MPR Solicitors LLP will therefore follow procedures that aim to ensure that all members, partners, managers, associates, employees, agents and consultants who have access to any personal data held by or on behalf of the Firm, are fully aware of and abide by their duties and responsibilities under the Act.
Statement of policy
In order to operate efficiently, MPR Solicitors LLP has to collect and use information about people with whom it works and deals with. These may include members of the public, current, past and prospective employees, clients and customers, suppliers and others with whom MPR Solicitors communicates and conducts business. In addition, it may be required by law to collect and use information in order to comply with the requirements of central government. This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means, and there are safeguards within the Act to ensure this.
MPR Solicitors LLP regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between the Firm and those with whom it carries out business. The Firm will ensure that it treats personal information lawfully and correctly.
The principles of data protection
The Act stipulates that anyone processing personal data must comply with Eight Principles of good practice. These Principles are legally enforceable.
The Principles require that personal information:
1. Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met;
2. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
4. Shall be accurate and where necessary, kept up to date;
5. Shall not be kept for longer than is necessary for that purpose or those purposes;
6. Shall be processed in accordance with the rights of data subjects under the Act;
7. Shall be kept secure i.e. protected by an appropriate degree of security;
8. Shall not be transferred to a country or territory outside the European
Economic Area, unless that country or territory ensures an adequate
level of data protection.
The Act provides conditions for the processing of any personal data. It also makes a distinction between personal data and ”sensitive” personal data.
Personal data is defined as, data relating to a living individual who can be identified from:
- That data;
- That data and other information which is in the possession of, or is likely to come into the possession of the data controller and includes an expression of opinion about the individual and any indication of the intentions of the data controller, or any other person in respect of the individual.
Sensitive personal data is defined as personal data consisting of information as to:
- Racial or ethnic origin;
- Political opinion;
- Religious or other beliefs;
- Trade union membership;
- Physical or mental health or condition;
- Sexual life;
- Criminal proceedings or convictions.
Handling of personal/sensitive information
MPR Solicitors LLP will, through appropriate management and the use of strict criteria and controls:
Observe fully conditions regarding the fair collection and use of personal information;
- Meet its legal obligations to specify the purpose for which information is used;
- Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
- Ensure the quality of information used;
- Apply strict checks to determine the length of time information is held;
- Take appropriate technical and organisational security measures to safeguard personal information;
- Ensure that personal information is not transferred abroad without suitable safeguards;
- Ensure that the rights of people about whom the information is held can be fully exercised under the Act.
- The right to be informed that processing is being undertaken;
- The right of access to one’s personal information within the statutory period
- The right to prevent processing in certain circumstances;
- The right to correct, rectify, block or erase information regarded as wrong information.
To assist in achieving compliance with the principles MPR Solicitors LLP will ensure that:
There is someone with specific responsibility for data protection in the organisation.
- Everyone managing and handling personal information understands that they are responsible for following good data protection practice;
- Everyone managing and handling personal information is appropriately trained to do so;
- Everyone managing and handling personal information is appropriately supervised;
- Performance with handling personal information is regularly assessed and evaluated;
MPR Solicitors LLP’s designated Data Protection Officer
MPR Solicitors LLP’s Data Protection Officer responsible for ensuring compliance with the Data Protection Act and implementation of this policy is Abdullah Al-Yunusi. The Data Protection Officer may be contacted at:
MPR Solicitors LLP
8 Red Lion Court
All members, partners, managers, associates, employees, agents and consultants are to be made fully aware of this policy and of their duties and responsibilities under the Act.
All members, partners, managers, associates, employees, agents and consultants are responsible for:
Checking that any personal data that they provide to MPR Solicitors LLP is accurate and up to date.
- Informing MPR Solicitors LLP of any changes to information that they have provided
If as part of their responsibilities members, partners, managers, associates, employees, agents, consultants collect information about other people (eg about clients, suppliers or other employees), they must comply with this policy.
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the Data Protection Act 1998.