Information Law and Data Protection

Information law and Data Protection experts

Hempsons have decades of experience of advising on information law and data protection, and regularly advise NHS and other healthcare providers, third sector entities and tech start ups in the field.  We advise on the full range of information governance issues, ranging from individual requests under the subject access and freedom of information regimes, ICO investigations and appeals through to ensuring information governance compliance in artificial intelligence-powered ‘big data’ analytics projects.  Information governance issues often occur in connection with other legal issues and our information governance team has a multidisciplinary approach, working with our procurement, commercial and employment teams as appropriate.

Recent work in this area has included preparing clients for the transition to the GDPR regime and the Data Protection Act 2018, including a national programme of seminars on this issue.

Main areas of expertise

  • GDPR/DPA 2018 compliance
  • NHS Information governance compliance
  • Information sharing
  • Information access regimes (data subject access and Freedom of Information)
  • Data rights requests, complaints and claims
  • Information Commissioner investigations and appeals

PeopleView all

NewsView all

  • Data protection – getting it right

    Dentists across the UK will be all too familiar with the Data Protection Act 1998 (DPA) but possibly not yet accustomed to the EU’s General Data Protection Regulation (GDPR) which will apply from 25 May 2018. Notwithstanding Brexit, the UK government has indicated that it will implement the new regime.

    Continue reading
  • GDPR – are you ready?

    Keeping confidential information about staff and patients secure is a responsibility NHS organisations have taken seriously for a long time. But the requirements on them are about to increase. From May 2018, organisations will need to comply with the General Data Protection Regulation (GDPR), an EU regulation.

    Continue reading
  • GDPR How it affects health and social care businesses

    Keeping confidential information about staff and patients secure is a responsibility businesses operating in the health and social care sectors have taken seriously for a long time. But the requirements are about to increase. From May 2018, organisations will need to comply with the General Data Protection Regulation (GDPR), an EU regulation.

    Continue reading
  • GDPR: are you compliant yet?

    GDPR day – 25th May 2018 – came and went with a flurry of Privacy Notices and Policies filling our in-boxes. But did everyone take stock of their data and their responsibilities or are there thousands of businesses out there who are yet to up-date their systems and processes?

    Continue reading
  • Health start-ups: Online healthcare businesses – the data protection issues

    The way services are accessed has been transformed by the changes in technology over the past decade and these developments present exciting opportunities for transforming how healthcare can be delivered however, when seeking to develop new opportunities, it is essential to have a clear understanding on the law governing the use of data and ensure that these considerations are incorporated into any project from the outset.

    Continue reading
  • Healthcare newsbrief: Winter 2017 edition now available

    Welcome to the winter edition of Hempsons’ Healthcare Newsbrief. Many of you will be reading this at the NHS Providers conference where many of the issues we are writing about – from moving towards digital records to the issues around moving to an accountable care organisation – will be either discussed or on the minds of delegates...

    Continue reading
  • Hempsons’ Healthcare Newsbrief 2018

    Welcome to this autumn edition of Hempsons’ Healthcare Newsbrief. It has been a busy few months for the NHS in the legal system with some ground-breaking decisions on key areas such as withdrawing clinically-assisted nutrition and hydration, fitness to practice and procurement.

    Continue reading
  • Is your dental practice ready for GDPR?

    The current law governing the use of personal data in the UK is the Data Protection Act 1998 (“DPA”). The law will change on 25 May 2018 when the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) will come into effect.

    Continue reading
  • Opt in, opt out, shake it all about?

    Charities have had something of a bumpy ride lately… and the bad news is that it’s not over yet. On top of increasing scrutiny of fundraising carried out by charities, data protection law and the Information Commissioner has now come to the fore with some big-name charities fined for data protection breaches.

    Continue reading
  • What are your obligations with The General Data Protection Regulation (GDPR) – are you going to be ready?

    Certain types of personal data must be treated with particular care due to the sensitive nature of that personal data. This is of course common sense. ‘Health’ comes under what the ICO (Information Commissioner’s Office) calls the ‘special category’, making it a mandatory obligation to comply with the GDPR and more especially if you work in the health professional field.

    Continue reading