Latest insights from our experts

Posted 12 September 2017
by Stephen Jennings

The General Data Protection Regulation (“GDPR”)

a computer screen

The new General Data Protection Regulation (“the GDPR”) which governs how data is held and processed comes into force on 25 May 2018.

Most parks will process personal information and will be able to continue to do so under one of the six legal bases provided.  Decisions should be documented so the legal basis used can be demonstrated to the Information Commission Officer (“ICO”) if necessary.

The six legal bases are:

  1. Consent of the data subject
  2. Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
  3. Processing is necessary for compliance with a legal obligation
  4. Processing is necessary to protect the vital interests of a data subject or another person
  5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
  6. Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject

Compliance will be imperative given that the ICO will be able to levy significantly increased fines.

Further information on key changes can be found here: GDPR Document

If you have any queries regarding data protection or if you are interested in subscribing to our Parklaw service contact the Parks Team by telephone on: 01392 207020 or email

Want to know more?

Request a call back or ask us a question using our quick-contact form.
Alternatively you can call us on 01392 207020.

About the author

Stephen Jennings

Partner and Solicitor

Partner in the litigation department specialising in employment law, he is the relationship manager for many of the firm's employment clients