GDPR request: A couple of clients have made GDPR requests for their files at the end of the case. The prospect of having to download electronic data, find and copy each and every email and attendance note to send to each client who asks on top of doing the poorly paid work in the first place is enough to make me think why bother with this work…. The Law Society Website advice has no practical guidance of what we are required to do in these circumstances.

A client file may contain:

1.       Electronic IDPC

2.       Crown Court papers which are actually stored on the Crown Court Digital System

3.       Discs such as ABEs or telephone data provided by the Crown

4.       Links to recordings of BWC or CCTV which could be downloaded and stored separate from the link.

5.       Copy correspondence/emails to and from CPS

6.       Copy correspondence/emails to and from the client

7.       Notes of clients instructions

8.       Other attendance notes made by the solicitor

9.       GP documents provided by the client

10.   GP or other expert documents obtained by the solicitor, possibly electronically stored.

11.   Name address telephone number NI number email address  date of birth of the client

12.   Other miscellaneous things

If a client asks for GDPR access to their file, which of the above are we obliged to provide to the client? The client will have received correspondence from us during the case and will have received other documentation as well. Can we tell them that we have their name address etc which we are obliged to keep for a number of years because of the retainer and the funding and leave it like that?  If we have to download and print information how much can we charge for doing so?

Mark Bagshaw

Partner

Bagshaws Criminal Defence

Greystoke House, 80-86 Westow Street, London SE19 3AF
Tel:  020 8768 6400
Fax:  020 8768 6434
DX:  34150 Norwood North

Email: m.bagshaw@allaw.co.uk

CJSM email: m.bagshaw@hartnells.com.cjsm.net