An effective and well-equipped insolvency and restructuring regime gives confidence to investors and financiers, enabling credit to flow through to businesses and boost economic activity, growth and innovation.

The new Data Protection Bill has already had its first and second readings in the House of Lords and will replace the UK’s current Data Protection Act 1998 (DPA) along with the general Data Protection Regulation (GDPR) on 25 May 2018. Also whatever happens regarding Brexit, the UK has committed to retaining the same principles and laws regarding Data Protection whether or not the UK is in the EU. UK companies should now be taking appropriate steps to ensure that they will be compliant with the new GDPR requirements.

Why the importance?

What is the GDPR?

In the matter of Bernard L Madoff Investment Securities LLC [2009] EWHC 442 (Ch), Mr Justice Lewison granted an application for the transfer of personal data in the possession of the joint provisional liquidators of a UK subsidiary to the trustee in bankruptcy of its parent company in the US, Bernard L Madoff Investment Securities LLC. The application was granted on the basis that it was necessary for reasons of substantial public interest.

Dealing with subject access requests (“SAR”s) under the Data Protection Act 1998 is becoming a regular occurrence for many organisations, particularly banks and their advisors.  Processing such requests can take up significant manpower and the costs can be substantial.  Whilst designed to allow individuals to access personal data, determine its source, why it is held and who it is shared with, in reality SARs are frequently being used as a fishing exercise for prospective litigation and complaints against institutions such as banks.  The recent case of 

The High Court has confirmed that all rights relating to the control of data belonging to, or being controlled by, a company at the time it entered into liquidation remain vested in the company at and following its liquidation. Liquidators are therefore not personally liable for compliance with the Data Protection Act 1998 in respect of this data as they will be viewed as agents acting for the company rather than as 'data controllers'.

A judgment recently handed down from the High Court clarifies the obligations of liquidators under the Data Protection Act 1998, providing them with greater personal protection from fines or other sanctions.

Reed Smith acted for the liquidators in their application for directions.

Background

Dealing with subject access requests (“SAR”s) under the Data Protection Act 1998 is becoming a regular occurrence for many organisations, particularly banks and their advisors.  Processing such requests can take up significant manpower and the costs can be substantial.  Whilst designed to allow individuals to access personal data, determine its source, why it is held and who it is shared with, in reality SARs are frequently being used as a fishing exercise for prospective litigation and complaints against institutions such as banks.  The recent case of 

An effective and well-equipped insolvency and restructuring regime gives confidence to investors and financiers, enabling credit to flow through to businesses and boost economic activity, growth and innovation.

What is the GDPR?