top of page

Data Protection

  • ​Consent

  • Contracts with data processors

  • Transfer of data outside EU

  • Data protection breaches

  • Notifications to ICO and data subjects

  • Dispute resolution

  • Defence of claims for damages

  • Training

Mariel is a qualified data protection practitioner and outsourced Data Protection Officer. Over many years she advised a police force on data protection  (and freedom of information requests), and she successfully defended claims for compensation for data protection breaches and breach of the article 8 right to privacy.

 

Businesses, start ups and firms of solicitors instruct her to advise on the processing of personal data about customers and clients, how to respond to data subject access requests and obtain effective consent, and the lawfulness of transfers of personal data outside the UK and EU.

 

She advised the claims handling teams and GDPR working group of an insurer and also a Lloyd's syndicate on compliance with new data protection legislation. Post BREXIT she advises the Chartered Insurance Institute. A large teaching hospital and regulatory body has retained her on compliance and training issues. She has regularly advised a multi national online retailer and a start up online metal recycling broker on data protection.

 

​Mariel recently made a successful claim for compensation against a public authority who shared health information about a manager's absence from work, due to stress, to other managers who did not need to know. â€‹

​

  • Outsourced data protection officer

  • Compliance audits

  • Data protection impact assessments

  • Data retention advice

  • Data protection policies

  • Records of processing activities

  • Records of decisions

  • Privacy notices

  • Data subject access requests

Case Summaries

Sickness Absence

 

At weekly and monthly management meetings, sickness absences were regularly discussed. Over fifty managers were on the mailing list for the meeting minutes, although they contained health information about identified individuals which most of them did not need to know. When one of those who was absent complained about disclosure of their stress at work related mental illness and the stigma that was attached, the mailing list was shortened but a number of managers who did not need to know remained. Mariel advised there was likely to have been a data breach of special category information as this processing was not necessary and so there was no legitimate basis for it. Liability was admitted in response to the letter of claim. In the meantime the system of work had been changed so that sickness absences were discussed between the individual’s line manager and their direct report only.

Data Protection Officer

​

Mariel is the outsourced Data Protection Officer for an online retailer. When negotiations to buy out companies were at a critical point, she advised on the data protection implications of taking over other retailers and using their marketing mailshot lists. She has advised on obtaining the consent of customers to mailshots when they open accounts online. Post-Brexit, she has been involved with the suggested relocation of two websites, both hosted in different countries within the EU, although the company is based in the UK. She has drafted the company’s data protection policies and procedures, and privacy notices, and provides ongoing advice on data protection matters.

DPO
bottom of page