

About Edmund Probert

So far Edmund Probert has created 33 entries.

Our organisation processes personal information. What do we need to do?

Under the Data Protection Act, your organisation should have told the Information Commissioner’s Office (ICO) what information you process (using one of their online templates) and paid them an annual fee.

As a result of the new European Data Protection Regulation, this will soon no longer be a requirement. However, you will still have to put together and maintain an internal register of all information that you process. This should be made available to the ICO if requested.

One important point is that unlike the requirement to notify the ICO, the obligation to keep a register applies to both the controller and the companies appointed to process the information. They must both keep their own separate registers.


Do all organisations need to keep a register? 

The simple answer is no. The organisations that need to keep a register are those that fall into the following categories:

  • Organisations with 250 or more employees.
  • Organisations which process information that is “likely to result in a risk for the rights and freedoms” of the individual.
  • The processing is not “occasional”.
  • Organisations which process one of the “special categories of personal data” or criminal convictions or offences.

This is quite vague and could potentially cover all organisations who deal with personal information regularly. There will be […]

March 22nd, 2016 | Blog

Top tips on when you need to appoint a Data Protection Officer (DPO)

The new European General Data Protection Regulation will bring a number of important changes to the way data protection is handled by companies. The GDPR will require private sector organisations to appoint Data Protection Officers in a number of situations.

Unlike the Data Protection Act (DPA), both the controller of the data and the organisations appointed to process the personal information by the controller must appoint a DPO.

How do we know if a Data Protection Officer is required?

A DPO will be required in the following circumstances:

  • When the organisation’s core activities require regular and systematic monitoring of data subjects on a large scale. In order to decide whether this applies, the organisation will have to consider the nature, scale and purpose of the processing.
  • When the organisation is processing one of the “special categories of personal data” (see definition below) or criminal convictions or offences.
  • Where the organisation is specifically required by law to appoint a DPO.

This is one of the areas where guidance should be issued by the European Data Protection Authority as a matter of priority.

What about groups of companies?

A group of companies or organisations may appoint one DPO providing that they all have easy access to that individual.

Who should be appointed as a DPO?

The […]

March 16th, 2016 | Blog

Information Commissioner’s Office 12 Steps to take now!

The Information Commissioner’s Office (“the ICO”) has published this week some of its first guidance on the new General Data Protection Regulation (“the GDPR”). The “12 Steps to take now” document is a checklist of what organisations should be doing now to prepare for the GDPR and is available here.

The GDPR is now expected to be finalised by July 2016 and this latest ICO publication is a must for all organisations starting to plan for the changes to the law. The GDPR should be fully in force by 2018.

Where can I get specialist advice?

As experts in data protection law, Probert Legal can help you steer a path through the new legislation and ensure that your systems and procedures are robust.

For further information, contact Tracey Wakelam on traceywakelam@www.probertlegal.com

March 16th, 2016 | Blog

What should I do if there is a Personal Data Breach?

The new European General Data Protection Regulation is set to become law in Spring 2016. This will significantly change the way businesses handle any personal data that they hold.

Let’s take a look at how the new law will affect personal data breaches, and what action you need to take if this should occur.

What is a personal data breach?

There is a new requirement on all data controllers to report breaches of security that result in the accidental or unlawful loss or disclosure of personal information, if the breach results in a risk to the rights and freedoms of the individual. There will be guidance from the European data protection authority and the Information Commissioner’s Office (“the ICO”) on what this actually means, but the organisation will have to consider whether there is any risk to the individual arising from the breach (e.g. identity fraud, risk to reputation) and, if so, it is likely that the breach should be reported.

How long does an organisation have to report the breach?

The breach must be reported within 72 hours of becoming aware of it. The GDPR says the time limits must be complied with “where feasible” but the ICO will expect very good reasons for non-compliance.

What obligations […]

March 15th, 2016 | Blog

What is “Privacy by Design and Default” and how does it affect my business?

The Data Protection Act is being replaced by the General Data Protection Regulation (the GDPR) which is harmonising data protection law across Europe and is expected to become law in Spring 2016. All organisations dealing with personal data will be required to comply with the GDPR by Spring 2018.

The new regulations will bring a number of important changes to the way data protection is managed. One of these is the principle of “Privacy by Design and Default”.

What does it mean?

This means that all organisations involved in developing and designing applications, services and products used to process personal information must ensure they take account of data protection. This applies at the start of the process and at all relevant stages of the development. It also applies to the organisations purchasing such a system, which must check that it meets these requirements.

What do I have to do to comply?

The GDPR gives some examples of measures that should be taken to meet these requirements:

  • Minimising the information that you process.
  • Pseudonymising information (see below).
  • Being transparent about what you do with the information.
  • Allowing the data subject to monitor data processing.
  • Allowing the organisation processing the information to create and improve security features.

An organisation should start with these measures, but can […]

March 15th, 2016 | Blog

Tomorrow’s Guide to Subject Access Requests

The right of an individual to ask an organisation what information they hold about them was introduced by the Data Protection Act. It has become widely used by individuals in the UK and most organisations now have established procedures for dealing with such requests.

When the new European General Data Protection Regulation comes into force, this right will remain but with some important changes. You will need to ensure that you are fully compliant with the new legislation.

What can an individual ask my organisation for?

An individual can contact your organisation and ask if you process information about them. You are required to confirm whether or not you do and the categories of information you hold (e.g. contact details). They can also ask for access to the information that you hold.

What else does my organisation have to tell them?

An individual also has the right to ask your organisation:

  • why you are processing the information;
  • how long you will store the information;
  • who you have shared that information with;
  • if you did not receive the information directly from the individual, who provided you with the information;
  • whether the information has been subject to automated decision making including profiling and where this applies other details about the decision making process.

Any correspondence with […]

March 9th, 2016 | Blog

It’s all change to European Trade Marks

On 23 March 2016, the Office for Harmonization in the Internal Market (OHIM), which deals with the administration of Community Trade Marks, changed its name to the European Union Intellectual Property Office (EUIPO). This aligns with the current naming convention – as in ‘UKIPO’. Meanwhile, the Community Trade Mark will also change its name to the European Union Trade Mark – which will save the explanation as to what is a CTM.

What’s more, the fee structure has changed and OHIM states that it will result in an overall reduction in the amounts paid.

All existing trade marks and trade mark applications will automatically become European Union Trade Marks (EUTM) and the OHIM website is warning users to be vigilant against organisations sending fraudulent invoices under the old and new logos.

You can find out more about this and see the press release on the OHIM website.

Probert Legal are specialists in trade mark and intellectual property law. For further details, please contact Ed Probert at edmundprobert@www.probertlegal.com


March 8th, 2016 | Blog

Update on the EU-US Privacy Shield

The European Commission issued a press release yesterday along with draft proposals for the new Privacy Shield.

If put into place, the Privacy Shield will be one of the methods of transferring personal information from Europe to organisations based in the USA without breaching the European data protection rules. These proposals will now be analysed by the European Data Protection watchdog and we will bring you updates as we get them.

The press release can be found here.

Probert Legal has particular expertise in this area and would be happy to talk to you about ensuring that your systems comply with the law and guidance in this area.

For more information about how we can help, contact Tracey Wakelam at traceywakelam@www.probertlegal.com

March 1st, 2016 | Blog

Are you prepared for the New General Data Protection Regulation?

A poll of 100 medium to large organisations undertaken by computing.co.uk last month found that 44% of the organisations were not even aware of the change to the law or had “vague” awareness and only 20% were well prepared. The report on the survey can be found here.

If you are wondering how the changes will affect your organisation, keep an eye on our blog: we will be publishing guidance on some important points of the new regulations over the next couple of weeks.



March 1st, 2016 | Blog

Discover how the ICO investigates nuisance calls, texts and emails

The Information Commissioner’s Office (ICO) has just posted an interesting blog explaining how it investigates who is behind nuisance calls, emails and texts. Take a look here!

This provides an insight into the extensive detective work that goes on behind the scenes.

The ICO carries out mystery shopper exercises, signs up to websites and responds to adverts to monitor the correspondence it receives.

As a result, it has handed out a number of large fines this year to companies for breaking rules relating to marketing.

Make sure your company does not fall foul of the ICO.

Probert Legal has particular expertise in this area and would be happy to talk to you about ensuring that your systems comply with the law and guidance in this area.

For more information about how we can help, contact Tracey Wakelam at traceywakelam@www.probertlegal.com

February 25th, 2016 | Blog