With the countdown to Brexit clock still ticking it seems that all has gone (relatively) quiet on the Brexit front. Parliament is not sitting and won’t be back until 14th October but this has not stopped politicians and commentators on all sides of the debate from re-iterating their deeply-held positions.
Behind the scenes, it is reported, there is a great deal of shuttle-diplomacy taking place. Both the Prime Minister and his chief negotiator, David Frost, have become frequent passengers on the Eurostar as they dash between London, Brussels and the other capitals of Europe. Yet the details of the discussions are still far from clear.
The “non-paper”
On Thursday it emerged that apparently the Government has issued a ”non-paper” to the EU outlining some thoughts on how an acceptable Brexit deal can be achieved. “Non paper” is a particularly bizarre EU concept for written proposals that have no formal status. At the risk of sounding like something from Alice through the Looking Glass, it is a paper that is not a ”paper”.
The details contained in the non-paper are unlikely to be officially released. But, if past experience is anything to go by, non-papers tend to see the light of day through unofficial and unattributable leaks.
The Law’s Delay
With little information to go on it is perhaps unsurprising that attention has turned to the other burning issue in UK politics – the judgement of the Supreme Court on the legality of the decision to prorogue Parliament. Whilst this is not a Brexit issue in itself, the plaintiffs in the two cases before the Court clearly suspect that Parliament was suspended in order to prevent scrutiny of the Brexit negotiations.
At the time of writing the judges are still out and the judgement is yet to be issued. Whatever the decision it is clearly going to have an impact on the course of the Brexit countdown.
With attention focussed on legal matters it is perhaps worthwhile spending a little time looking at an often misunderstood aspect of data protection law, specifically the legal basis for processing data.
On what legal basis can companies process personal data?
The collection and processing of personal data must be first and foremost be lawful under the GDPR and Data Protection Act 2018. There are six legal grounds for processing and one of them MUST apply. They are summarised below in no particular order:
- Consent – a person must have given their consent for one or more specific purpose(s) (e.g. for consumer electronic marketing purposes)
- Contract – the processing is necessary for the performance of a contract to which a data subject is a party or has requested before entering into a contract (e.g. for employee, client or third-party contracts)
- Legal obligation – for compliance with a legal obligation such as HMRC
- Vital interests – processing is necessary to protect a data subject or another person (e.g. medical records in the case of an accident)
- Legitimate interests – where data processing is necessary for the purposes of the legitimate interests of the data controller, except where such interests are overridden by the interests or fundamental rights or freedoms of the individual (a Legitimate Interests Assessment must take place e.g. for some direct marketing purposes)
- Public interest – for a task carried out in the public interest or in the exercise of official authority vested in the controller
Please feel free to contact us if you have any queries or concerns about how Brexit will affect your business, by calling 01787 277742 or email teambrexit@datacompliant.co.uk
Gareth Evans, 20th September 2019