GDPR Statement 



Nicola Wallace and 4 Paper Buildings (4PB) are required to comply with the law governing the management and storage of personal data, which is outlined in the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 1998.


Protection of personal data and respect for individual privacy are fundamental to the day-to-day delivery of legal and mediation services by Nicola Wallace and 4PB.


Compliance with the GDPR is overseen by the UK data protection regulator, which is the Information Commissioner’s Office (ICO). Nicola Wallace and 4PB are accountable to the ICO for their data protection compliance.





The Data Protection Purpose


The purpose is to protect and promote the data protection rights of individuals and of Chambers by informing members, and everyone working for and with Chambers, of their data protection obligations and of Chambers’ procedures that must be followed in order to ensure compliance with the GDPR.




This policy covers all personal data and special categories of personal data, processed on computers or stored in manual (paper based) files. 


Data Protection Principles 


The GDPR is based around 8 principles which are the starting point to ensure compliance with the Regulation. Nicola Wallace and everybody working for and with 4PB must adhere to these principles in performing their day-to-day duties. The principles require Nicola Wallace and 4PB to ensure that all personal data and sensitive personal data are:


  1. Processed lawfully, fairly and in a transparent manner in relation to the subject (‘lawfulness, fairness and transparency’)

  2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)

  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)

  4. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)

  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which personal data are processed (‘storage limitation’)

  6. Processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures (‘integrity and confidentiality’)



Rights of the data subject 


The GDPR gives rights to individuals in respect of the personal data that any organisations hold about them. Nicola Wallace and everybody working for 4PB must be familiar with these rights and adhere to 4PB’s procedures to uphold these rights.


These rights include:

  • Right of information and access to confirm details about the personal data that is being processed about them and to obtain a copy;

  • Right to rectification of any inaccurate personal data;

  • Right to erasure of personal data held about them (in certain circumstances);

  • Right to restriction on the use of personal data held about them (in certain circumstances);

  • Right to portability – right to receive data processed by automated means and have it transferred to another data controller;

  • Right to object to the processing of their personal data.


Nicola Wallace and 4PB must be able to demonstrate their compliance with (a) – (f) above (‘accountability’).


Processing personal data and sensitive personal data 


Nicola Wallace and 4PB must process all personal data in a manner that is compliant with the GDPR. In short, this means there must:

  • be legitimate grounds for collecting and using the personal data;

  • be no use of the data in ways that have unjustified adverse effects on the individuals concerned;

  • be transparency about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data;

  • be handling of people’s personal data only in ways they would reasonably expect; and

  • be nothing unlawful done with the data held.



A request from a data subject (a client or other third party concerning whom Nicola Wallace and 4PB hold personal data), known as a ‘Subject Access Request’, should be made to Nicola Wallace in the first instance, who will comply with the request in line with statutory duties and in line with the GDPR policies of 4PB.


Confidentiality and data sharing 


Nicola Wallace and 4PB share personal information with other individuals or organisations only where they are permitted to do so in accordance with data protection law.