PYLG Newsletter

June 2018

Summer is here!
After what has seemed a long winter and a brief spring, summer is finally on its way and bringing
some much needed sunshine, if not an end to the rain!
This edition will provide you with details of our last event – East for Easter, along with our next –
the much anticipated annual summer BBQ! We also have a guest article on important changes to
how data is handled, along with a piece on the Citizens Advice Bureau, and what you can do to
help the local community . Read on for more...

East for Easter

The bad weather did nothing to stop our spring event - a
meal at East (for Easter!). 19 young lawyers from 6
different firms enjoyed a variety of Thai infused dishes,
including duck roll starters, deep fried vegetables and
some tangy curries!

An Easter egg raffle was won by 2 lucky participants-

James Steward and Ollie Clymow. Congratulations to the
winners and thank you to all who attended!

Save the Date!

Our next event will be our annual summer BBQ on
Thursday 26 July 2018, to be hosted at the Solstice Bar
& Restaurant located in the city centre.
As with each year so far, we expect the event to be well
subscribed so please sign up early to avoid
disappointment! Please contact Shamsher Singh at
ssingh@greenwoodsgrm.co.uk for more details.

THE COMMITTEE:
Amir: amir.choudhary@buckles-law.co.uk
Amelia: Aoconnor@regencychambers.co.uk
James: James.Steward@hcsolicitors.co.uk
Jonathan: jpmumby@greenwoodsgrm.co.uk
Melissa: Melissa.casey@spw-law.co.uk
Rebecca: rjrudge@greenwoodsgrm.co.uk
Roxanne: Roxanne.Dean@taylor-rose.co.uk
Sarah: selidgett@greenwoodsgrm.co.uk
Shamsher: ssingh@greenwoodsgrm.co.uk
Umrah: Umrah.Mirza@Taylor-Rose.co.uk

If you are interested in joining the committee, please email any of us for more details.
 Opportunities at Citizens Advice Peterborough

The CAP needs YOU!

What is the CAP?
Citizens Advice Peterborough (CAP) offers free, confidential, impartial and independent advice and
information services. They operate from a base in the city centre at St Mark’s Street and have
outreach service with sessions across the city including at the Rainbow Savers Credit Union, Aspire
and Honeyhill Children Centre in Paston, along with telephone advice and email advice services.

They are not just available in times of crisis – they also use client’s stories anonymously to campaign
for policy changes that benefit the population as a whole.

What can you do?

The CAP are looking for assistance in undertaking research and running campaigns. Research and
campaigning is vital to the CAP’s goals of improving public policies and practices that most adversely
affect it’s clients. By collecting evidence from the people most affected and feeding it into local or
national actions and campaigns, pressure can be applied to make changes that benefit the poorest
members of society.

If you want to develop skills which may be useful to your profession, make contacts within the local
area, or help improve your local community, this may be the opportunity for you.

Help the Board

Do you have any interest in being a trustee? The board of trustees for Peterborough is looking for
additional members. If you have any experience working with a board, or would like to gain some,
this may be something that you can assist with.

Other volunteering roles are available, with boots-on-ground positions for those wanting to build
client handling skills in an environment focused on helping those in need.

If you would like to assist or would like any further information about the Citizens Advice in
Peterborough, please visit https://www.citapeterborough.org.uk/volunteer-with-us/

2
Featured Article
Each issue of our newsletter contains a guest article. This edition of the PYLG newsletter features
Umrah Mirza of Taylor Rose TTKW, covering the upcoming and much anticipated General Data
Protection Regulations. Read on...
GDPR, are you ready?
So the countdown has begun and we are in
the final stages of preparation (or panic)
before the new General Data Protection
Regulation (GDPR) comes into place on 25
May 2018.
The GDPR will replace the current European
Data Protection Directive and applies to all
companies worldwide that process personal
data of European Union Citizens. The new
regulation aims to harmonise privacy laws
across Europe and increase the control that
individuals have over their personal data.
Considering that the previous laws came into
force in the 90’s when the world was a
different place, the law did not consider
electronic data collected and processed by
global call centres, data storage clouds,
social media or even iPhone’s! With
continued changes and significant
developments to technology, it has become
more important than ever to increase public
trust and confidence in the way personal
data is used.
Whilst the main underlying concepts and
principles of the GDPR remain the same as
the current EU data protection regime, there
are some key changes including:
Wider Territorial Scope
The GDPR applies to the processing of
personal data in the EU, regardless of where
the processing actually takes place.
Therefore, organisations outside of the EU
who are processing the data of European
residents have to comply with the GDPR
including those that do not have a physical
presence in the EU.
Enforcement
The penalties for failing to comply with the
GDPR are worryingly high but have successfully
caught the attention of all organisations as they
make all efforts to ensure compliance. By failing
to comply, organisations can be fined up to 4%
of annual global turnover, or €20 million,
whichever is the greater. This does not take into
account any claims from individuals and
repercussions to reputation!
Processors
For the first time, the new data protection laws
will place strict rules on data processors and there
are express provisions on what they can and
cannot do. Together with data controllers, the
data processors are also subject to the
Information Commissioners Office’s new
enforcement powers and are responsible for
lawfully determining the purposes and means of
processing personal data.
Accountability
The GDPR obligates both data controllers and data
processors to keep a detailed record of all data
processing, to carry out data protection impact
assessments for high risk processing operations
and to implement data protection by design and
default. This means that data protection must be
a core priority in all business planning from the
outset where personal data is involved.
Featured Article
Consent
Obtaining valid consent to process personal
data is harder than ever! It must be requested
in plain language, require a positive response
and can only be sought where the data
subject will not suffer any detrimental effects
when refusing. Data Subjects must also be
informed of their right to withdraw consent at
any time and how to do so.
Data Protection Officers
Certain organisations must appoint a Data
Protection Officer to promote and oversee
compliance of the new GDPR, depending on
their size or business type. The DPO must
have expert knowledge of data protection law
and report directly to the highest
management level.
Data Breach Notification
The GDPR has introduced a mandatory
obligation for data controllers to notify the
ICO for certain types of breaches to the data
protection principles. The notification must
be sent within 72 hours of discovering the
breach if the breach is likely risk the rights
and freedoms of individuals. If the breach is
unlikely to result in such a risk, controllers do
not have to report it but they must justify and
document their decision as failure to do so
could lead to increased penalties. There are
also circumstances where individuals must
also be informed of breaches relating to their
personal data.
If you would like to contribute to the newsletter please do contact a member of the committee.
Data Subject Rights
Another key change relates to the enhancement
of individual’s rights in relation to their personal
data. Organisations must ensure that personal
data is processed fairly and lawfully by providing
information to data subjects regarding the
collection and processing of their personal data
and informing them of their rights. All information
must be provided in a concise, transparent,
intelligible and easily accessible form, using clear
and plain language.
The new and expanded rights also include-
- Right of access
- Right to rectification
- Right to restrict processing
- Right to be forgotten
- Right to data portability
- Right to object
There are a number of other key changes which
will also affect organisations and with the clock
ticking, it is important that organisations start to
prepare. The ICO have published guidance on
various subjects to help understand the approach
to the new law but the real change is to
understand the rights of data subjects and to
implement privacy considerations to protect
them.
The GDPR is an exciting and long awaited
development but with household names regularly
hitting the newspaper headlines for data breach
scandals, preparation must start now or you will
be next!