Main menu


+44 (0)151 600 3000


+44 (0)161 836 8800


+44 (0)1772 823 921

Search form

Search form



The upcoming developments in data protection legislation have been a hot topic for some time now and, as the impending date upon which the EU’s General Data Protection Regulation (GDPR) comes into force (25 May 2018) looms ever closer, there is still an air of uncertainty around how the changes will affect businesses in practice.

Contrary to popular belief, the GDPR and the UK’s new Data Protection Bill (the “Bill”) do not represent a complete overhaul of the existing UK data protection framework, and many businesses may find that they only need to make minor amendments to their operations in order to comply with the new rules. Nevertheless, with the increased sanctions for non-compliance under the GDPR, it is important for businesses to understand their obligations and review their practices to address any shortfalls in compliance. Whilst the Bill passes through Parliament it is still subject to amendments; however, we consider it unlikely that any provisions will be substantially changed.


GDPR vs the Bill

A general summary of the differences between the GDPR and the Bill.

The Bill vs the Act

A detailed overview of the changes that the Bill introduces, compared to the existing rules under the Data Protection Act 1998.

Data Subjects’ Rights under the GDPR

An investigation into the rights of data subjects under the new regulations, and how this compares with the old framework.

Exemptions under the Bill

Many businesses rely on exemptions to process personal data without breaching the rules – how are they affected by the new GDPR and the Bill?

Criminal offences under the Bill

A comprehensive look into the criminal offences introduced (or amended) in the Bill.

European Parliament moves to begin E-Privacy Regulation negotiations

An introduction to the proposed E-Privacy Regulation which, whilst not being restricted to the protection of personal data, ties in closely with the GDPR.

UK website Privacy Notices are far from compliant with GDPR

Danny Greenland reports on the ICO’s findings that many websites’ privacy notices will not pass muster when the GDPR comes into effect.

ICO Announces Changes to Binding Corporate Rules Applications

Danny Greenland reports on changes to Binding Corporate Rules applications.

Morrisons Vicariously Liable for Employee’s Deliberate Payroll Data Protection Breach

A look at the recent decision regarding data protection breaches by employees.

Commercial Blogs

View our commercial blog


Follow our Commercial solicitors on Twitter for news and details of upcoming events - @BrabnersIPCom

Internal Investigations and Litigation Privilege
Tuesday 20th March 2018

Organisations often have policies and procedures in place for conducting investigations, whether on matters of health and safety, employment, or other allegations of wrongdoing.  Those investigations will generate documents and there have been several recent cases on the question of whether those documents are disclosable in subsequent litigation.  A recent High Court Judgment gives further guidance on this issue.

In litigation the parties must conduct a search for documents as ordered by the Court and then disclose documents (including electronic documents) to their opponent.  This is an area of proceedings which is subject to reform, with consultation under way on proposed reforms as discussed in our previous blog here.

When considering which documents to disclose to its opponent, a party can object to the inspection of otherwise disclosable documents on the basis that they fall within one of two types of privilege:

  • Legal professional privilege, which covers confidential communications between a lawyer and their client for the purpose of giving or seeking legal advice.
  • Litigation privilege, which covers confidential communications between a client and their lawyer (or a third party) where adversarial litigation has started or is in reasonable contemplation, and the communication is for the sole or dominant purpose of litigation.

During internal investigations documents are always generated at the early fact-finding and interview stage, where litigation has not even been threatened.  If litigation is later commenced, the question is whether those documents are protected by one of the forms of privilege above.  The latest case to have considered this issue is Bilta (UK) (in liquidation) & others v Royal Bank of Scotland & another [2017].

HMRC had sent a letter to RBS making allegations about certain transactions which took place during 2009.  Later correspondence was sent by HMRC stating that the bank’s claim for VAT input tax might be at risk, and they invited the bank to set out its views.  The amount in dispute was some £86 million plus interest.  RBS instructed a firm of solicitors to lead the internal investigation.  That investigation generated interview transcripts and other documents.

The transactions involved the former directors of Bilta and the liquidators of that company later commenced Court proceedings against the bank, and they sought the disclosure of documents generated by the internal investigation, including the interview transcripts.  The Court considered whether those documents were protected from disclosure by litigation privilege.

Adversarial litigation was in reasonable contemplation at the time of the internal investigation, because of the letter received from RBS.  The issue here was over the dominant purpose of the documents – whether they had been generated for the purpose of conducting the contemplated litigation or for some other purpose such as trying to persuade HMRC not to issue a tax assessment.  Sir Geoffrey Vos took the view that the latter was at most a secondary purpose and held that the dominant purpose was litigation.

The Judgment refers to various facts including the letter from HMRC asserting that there might be grounds to deny input tax (which was consistent with a dispute arising), that RBS instructed an external tax litigation team to lead the internal investigation, that the solicitors’ letter of engagement described their work as “to provide legal advice in respect of a dispute with HMRC regarding the recoverability of income tax…” and that the letter of RBS to HMRC following the investigation, was comparable to a letter of response to a letter of claim.  On this basis the Judge determined that these documents were created for the sole or dominant purpose of litigation against HMRC (in the First Tier Tribunal (Tax Chamber)), and that RBS was entitled to refuse to disclose them to the liquidators of Bilta on the ground of litigation privilege.

Other recent decisions have gone the other way, and have found that (in the circumstances of those cases) documents generated by an internal investigation are not privileged.  So each case will be determined on its particular facts and all parties to litigation must properly consider their disclosure obligations in light of the statements of case and the disclosure direction from the Court.  However there are certain practical steps that a business can take to seek to improve the prospect of successfully arguing that internal investigation documents fall within litigation privilege.  They include the following:-

  • Properly understanding what documents are being created by the internal investigation and why they are being created.  In this case the Judge considered the contemporaneous evidence of the bank’s senior employees which set out their reasons for conducting their internal investigations;
  • Instructing specialist legal advisors at an early stage;
  • Considering to whom documents are disseminated, and why, and including legal advisors in correspondence; and
  • Marking correspondence and documents with confidentiality terms including that they are privileged and have been created and disseminated in contemplation of litigation.

These steps will not be determinative of the issue and so there will always be a risk that the documents generated by an internal investigation will be disclosable in subsequent litigation, and the recent cases should act as a reminder to businesses (and to their in-house legal advisors) of the risks involved when carrying out such investigations.

If you would like to find out more on the topic please contact Glym Lancefield on 0151 600 3060 or via email.


Paralegal - Corporate, Liverpool

Job Title
Paralegal - Corporate, Liverpool
Apply by Date
Friday 27th April 2018
Corporate / Liverpool
Permanent / Full-time
Apply Now - No recruitment agency applications please

Natasha Collins

Trainee Solicitor

Possession the absolute way
Monday 19th March 2018

Recorder Edge handed down judgment in the County Court at Liverpool On 12th March 2018 in a claim for possession based on anti-social behaviour issued by The Riverside Group Limited (“Riverside”) and heard at trial on 22nd and 23rd January 2018.

The claim for possession was based on Grounds 7A (Absolute ground for possession), 12 (Breach of tenancy), 13 (Property condition) and 14 (Nuisance and anti-social behaviour) of Schedule 2 of the Housing Act 1988.

The trigger incident for the Absolute ground for possession occurred in June 2015 when the tenant’s wife bit the ear off an innocent victim during a darts tournament being held at Birkdale Labour Club.  This incident occurred four miles away from the property and the victim lived within the locality of the property (a seven minute walk). The wife was convicted and received a custodial sentence and the tenant was convicted of perverting the course of justice in respect of the offence.

As well as pleading the Absolute ground for possession, Riverside also relied upon discretionary grounds based on breach of tenancy, property condition and nuisance and anti-social behaviour perpetrated by the tenant, including a number of criminal offences occurring within the locality of the property.

The lead officer at Riverside, Mr Christopher Hemlin, gave evidence that the anti-social behaviour seen in this case was amongst the worst he had seen in his role as a Community Safety Officer.

Recorder Edge stated in his judgment that Mr Hemlin impressed him as an honest and straightforward witness who was professional, diligent and even handed, such that he had no hesitation in accepting his evidence as accurate.

To the contrary, Recorder Edge commented that the tenant was an unimpressive witness and despite making allowance for the tenant’s mental health, commented that the tenant lacked credibility and was considered to be evasive, vague, uncertain and dishonest in his testimony.

The Judge was satisfied that the absolute ground for possession was made out and that it was a proportionate means of achieving a legitimate aim to grant a possession order.  The Judge also deemed it “necessary, proportionate and justified” to grant possession on the discretionary grounds in addition.

In his judgment, and for the purposes of the absolute ground, Recorder Edge rejected the defence argument that only incidents relating directly to the trigger incident could be considered on the question of proportionality, preferring instead the argument advanced on behalf of Riverside that the Judge had discretion to consider all matters he deemed relevant, whether occurring before, during or after the trigger incident. Both parties accepted that there was no higher court authority on this point in the context of the absolute ground.

Notwithstanding the tenant’s Equality Act defence, the Judge praised Riverside’s approach in dealing with the tenant’s personal circumstances, commenting that Riverside had made appropriate enquiries and acted appropriately and reasonably by offering support throughout directly to the tenant and indirectly to the tenant’s solicitors.

A forthwith possession order was granted.


Now you fee me, now you do?
Friday 16th March 2018

The General Data Protection Regulation (GDPR) introduces many new obligations and represents a significant regulatory burden for organisations. In one respect however, it had been sold as lifting a key burden. The GDPR specifically calls for the abolishment of any “general obligation to notify the processing of personal data to the supervisory authorities.” In the recitals, the GDPR notes that such general obligations, of which the current UK system is an example, can produce administrative and financial burdens, without actually contributing to the effective protection of personal data.


Under the Data Protection Act 1998, all data controllers are currently required to register (or ‘notify’) with the Information Commissioner’s Office (ICO). A fee must be paid at the time of registration, and every subsequent year in order to maintain the registration.

The current fees are set by the Data Protection (Notification and Notification Fees) Regulations 2000 (the 2000 Regulations). The 2000 Regulations contain two tiers of fee for data controllers:

Tier 1 (controllers with a turnover of less than £25.9 million or fewer than 250 staff) - £35

Tier 2 (controllers with a turnover of at least £25.9 million and 250 or more members of staff) - £500

The level of the fee was set by the Secretary of State for Digital, Culture, Media and Sport (DCMS), specifically with regard to offsetting the costs incurred by the ICO in carrying out its data protection functions.

The new scheme

Despite the attitude of the GDPR to such notification requirements and financial burdens, the Digital Economy Act 2017 (DEA) makes provision to allow the Secretary of State for DCMS to set new fees to be paid by data controllers under the GDPR regime. Similarly to the former regime, the Secretary is to have regard to offsetting the ICO’s expenses incurred in performing its data protection functions. The Data Protection (Charges and Information) Regulations 2018 (the 2018 Regulations), laid before parliament last month, set the level of the new fees.

Under the new regime there will be three, rather than two tiers of fee:

Tier 1, micro organisations, includes charities, small occupational pension schemes those controllers having a turnover of £632,000 or less, or having fewer than 11 staff - £40

Tier 2, small and medium organisations, includes those controllers that do not fall within tier 1 and have a turnover of £36 million or less, or have 250 or fewer staff - £60

Tier 3, large organisations, includes all controllers that do not fall into either tier 1 or tier 2 - £2,900


Given that most data controllers that were paying £500 under the older system will fall into the new tier three, this represents quite a significant raise. If, for example, the £500 fee had risen with inflation, it would still only be £623.61.

The explanatory notes to the 2018 Regulations explain the extraordinary rise as reflecting the increased level of information risk presented by tier 3 controllers and the income required for the ICO to perform its new functions under the GDPR.

Though there is undoubtedly a more significant information risk for controllers under the GDPR regime than under the current rules, it appears that it is budgetary considerations that may have driven the tier 3 fee so high. A study undertaken by the Department for DCMS in 2016 projected that the ICO’s funding requirement for 2016/17 would be approximately £19 million. The financial forecast for 2018/19, the first year under the new GDPR regime, puts the ICO’s income requirement at £30 million.

Many organisations will be disappointed by the level of the new fees. Draft texts of GDPR, available for a number of years, had trailed the abolition of the fee which had been viewed as a small silver lining in a piece of legislation that would result in a significant compliance burden for businesses. Though increased accountability measures and stricter procedures will not result in any financial saving for organisations, the new fee may mean that the ICO will not feel the need to resort to the maximum possible fines of €20 million or 4% of global annual turnover for funding.


Education Sector Gender Pay Gap Reporting
Friday 16th March 2018

It’s been on the radar for some time but there is now less than a month to go before educational establishments with 250 or more employees need to publish their gender pay gap information.

The exact deadline for reporting your gender pay gap information will depend upon whether your organisation is classified as a public sector body or a private/ voluntary sector body.

Maintained schools, academies and free schools are classified as public sector bodies and are covered by The Equality Act 2010 (Specific Duties and Public Authorities) Regulations 2017 and must publish their required information by no later than 30 March 2018 (and by the same date each year thereafter). Independent and private schools are classified as private sector bodies and are covered by The Equality Act 2010 (Gender Pay Gap Information) Regulations 2017 and must publish their required information by no later than 4 April (and by the same date each year thereafter).

Both sets of Regulations require analysis and publication of the gender pay gap information based on six compulsory calculations that are aimed at exposing gender pay gaps.

Where a gap exists employers should question the causes of the gender pay gap in their organisations and, it is hoped, consider the measures they can take to narrow it.

Crucially, once employers publish their gender pay gap reports, it will also be existing employees, potential job applicants, customers, contractors, suppliers and clients that may question why there is a gap and what steps are being taken to address this.  In the government’s consultation response, the Young Women’s Trust was cited as reporting that 84% of women surveyed, aged 16 – 30, would consider an employer’s gender pay gap before applying for a job.

Although the mandatory pay gap reporting will only initially apply to organisations with 250 or more employees it is perhaps likely that, over time, this requirement will eventually filter down to organisations with employee numbers below this level. Even if it doesn’t, if you decide to voluntarily address any gender pay gap you may have and are transparent about the steps you are taken you will be demonstrating your commitment to equal opportunities and best practice.

If you haven’t yet published the required information we can help by advising on compliance with this new regime, reviewing your draft reports and advising on tricky areas such as who would be classified as an “employee” for the purposes of these reporting requirements. We can also assist you with drafting a narrative that explains any gender pay gap and details strategy for reducing it.

In some circumstances, seeking advice may also bring the benefit of legal professional privilege against information and draft reports/data that would otherwise be disclosable in legal action, such as Equal Pay claims.

Don’t delay- the clock is ticking loudly now for your first reports to be published.

For further information, please contact Stephen Brodie on 0151 600 3150 or via email



GDPR for Social Landlords
Wednesday 14th March 2018

Are you ready for the implementation of GDPR on 25th May 2018?

The Information Commissioner’s Office (ICO) has provided the following checklist to ensure that your business is ready for implementation:

  • You have conducted an information audit to map data flows.
  • You have documented what personal data you hold, where it came from, who you share it with and what you do with it.
  • You have identified your lawful basis for processing and documenting data.
  • You have reviewed how you ask for and record consent.
  • You have systems to record and manage ongoing consent.
  • Your business is currently registered with the ICO.
  • You have provided privacy notices to individuals.
  • You have a process to recognise and respond to individuals’ requests to access their personal data.
  • You have processes to ensure that the personal data you hold remains accurate and up to date.
  • You have a process to securely dispose of personal data that is no longer required or where an individual has asked you to erase it.
  • Your business has procedures to respond to an individual’s request to restrict the processing of their personal data.
  • You have processes to allow individuals to move, copy or transfer their personal data from one IT environment to another in a safe and secure way, without hindrance to usability.
  • You have procedures to handle an individual’s objection to the processing of their personal data.
  • You have identified whether any of your processing operations constitute automated decision making and have procedures in place to deal with the requirements.
  • You have an appropriate data protection policy.
  • Your business monitors your own compliance with data protection policies and regularly reviews the effectiveness of data handling and security controls.
  • Your business provides data protection awareness training for all staff.
  • Your business has a written contract with any data processes you use.
  • Your business manager’s information risks in a structured way so that management understands the business impact of personal data related risks and manages them effectively.
  • Your business has implemented appropriate technical and organisational measures to integrate data protection into your processing activities.
  • Your business understands when you must conduct a data protection impact assessment and has processes in place to action this.
  • Your business has a data protection impact assessment framework which links to your existing risk management and project management processes.
  • Your business has nominated a data protection lead or a data protection officer.
  • Decision makers and key people in your business demonstrates support for data protection legislation and promote a positive culture of data protection compliance across the business.
  • Your business has an information security policy supported by appropriate security measures.
  • Your business ensures an adequate level of protection for any personal data processed by others on your behalf that is transferred outside the European economic area.
  • Your business has effective processes to identify, report, manage and resolve any personal data breaches.

As registered providers of social housing you will be processing personal data for the purposes of GDPR in many of the activities undertaken by your staff.

Accountability and transparency are key features of the GDPR so knowing what data you have and how you intend to use it and being able to demonstrate this in a transparent way is crucial.

Please get in touch if we can assist with any training requirements or policy review.


Myth Buster – “The Court favours women over men"
Wednesday 14th March 2018

Generally speaking, it is understandable why many people have the misconception that the Court will favour wives in divorce and financial remedy proceedings. The belief seems to stem from the fact that there have been a number of substantial divorce settlements reported in the media over recent years in favour of the wife.

Historically, the woman often took the role of the homemaker and child carer and the male was the ‘breadwinner’. These traditional roles of the male and female are significant reasons behind the fact that woman seems to be awarded a “better” settlement on divorce.

That being said, this trend is rapidly adapting as society has developed and it is not uncommon for women now to work and raise a family at the same time.  Despite the evolution of the male / female roles within society, it appears to remain the case that many people still believe that the Court system favours the woman.

The reality is, however, that the starting point for the Court in determining financial matters is the doctrine of equality. There can be a departure from equality if certain factors dictate it.  For example if the woman has  given up a career for the sake of maintaining the home and / or caring for children there may be need to depart from equality.

If the woman has been the primary carer of the children her income may be lower and her mortgage capacity may be lower as a result.  She will therefore need more capital than the husband to rehouse.  However, this is not sexist.  If the Husband is the financially weaker party by virtue of being at home caring for children or indeed for any reason this will apply to them too.

Therefore, it is not that the Court favours women, but that the Court seeks to ensure that the financially weaker spouse receives a settlement that is fair and enables them to receive their fair share of the marital assets and in some instances, especially if their financial needs dictate, they may receive more than half the value of the assets to enable them to, for example, rehouse themselves.

Therefore, despite the fact that it may appear to be the case that during separation proceedings the woman obtains the more favourable outcome, the Court takes the approach that the individual’s needs to be assessed above and beyond all other factors.  Women do often received an enhanced settlement but this usually involves a capitalisation of spousal maintenance, a pension offset or a departure from equality to meet needs.

Also, it is not specific to women but rather applies to the financially weaker party which, traditionally, has been the wife.

If you have any queries in relation to financial settlements on divorce please do not hesitate to contact a member of the family team.


Congratulations as recruitment industry celebrates national expertise

Tuesday 13th March 2018

TEAM, the UK’s largest network of independently owned recruitment and employment agents, held its 6th national conference this weekend and Brabners were delighted to share legal insights with the sector and also award TEAM member of the year 2018 at the conference’s prestigious gala dinner.

Over 350 members and providers from across the country attend the national conference, which has a packed agenda of experts from a variety of specialisms bringing recruitment and employment agents up to speed with the latest developments and regulations. Speaking at the conference, Head of Employment, Manchester, Paul Chamberlain, had the honour of awarding Hart Recruitment with TEAM member of the year 2018 at the conference’s gala dinner.

Paul explained, “Brabners has supported TEAM for many years and this conference is an excellent opportunity to bring the sector together, providing industry expertise and rewarding achievement.”

Paul is Principal Legal Adviser to TEAM (The Employment Agents’ Movement), leads the firm’s relationship with the ALP (Association of Labour Providers) and was instrumental in securing the firm’s appointment to the REC’s Business Partners scheme. Paul regularly contributes articles and commentary to the industry press and presents at seminars and workshops on topical legal issues affecting the sector and is a member of TEAM’s Professional Standards Committee.

Brabners were recently awarded Employment team of the Year at the Manchester Legal Awards 2018. Read more here.