By Lisa Rix - ELA Briefing - June 2019
Having just celebrated the anniversary of GDPR, now seems a good opportunity to reflect on the impact that it has had on litigation. Below, we explore the typical stages of the litigation process and consider what lawyers need to think about in respect of data protection obligations.
When advising clients on their GDPR compliance, we should always aim to prepare clients – from a GDPR perspective – for any future litigation.
First, we should advise clients to set their retention periods to allow time to fight cases and defend claims. As most claims have a six-year limitation period, a seven-year retention period will usually be appropriate (allowing for the limitation period plus a ‘buffer’ year for the client to be made aware of any such claim). However, some potential claims may require clients to set a longer period; for example, where claims may arise in relation to a deed (where 13 years would be more appropriate).
Secondly, although strictly clients need not provide references to personal data being disclosed as part of legal proceedings in their privacy notices (due to an exemption in para 5(3), Part 1, Sch.2 DPA 2018), it is probably still good practice for clients to set out in their privacy notices broad references to:
You can read the full article here (Please note, this publication requires a subscription)