Walker & Partners Ltd – Data Protection Policy – May 2025
Data protection policy
A data protection policy is in place and available to all staff setting out the procedures that are in place. The data protection policy is kept in the Data Protection Policy Register. Martin Walker is the Data Protection Officer. Walker & Partners limited will annually review whether it is required to take any steps under the data protection policy.
Information management
The practice has a policy for the overall management of all electronic data. The responsibility for its management is with Martin Walker.
The practice holds data with regard to all client matters in Law Fusion. Data relating to the financial affairs of the firm is held externally by the firm’s accountants.
The practice has identified the following critical risk(s) to the data specified above:
The practice has in place the following processes, procedures and technology to eliminate, minimise or transfer the critical risks identified above, and for maintaining the integrity of any material stored electronically:
The practice provides training to all staff in order to ensure that all members of staff are competent to manage electronic data. This will be provided on an individual basis and will be tailored to the individual staff member’s specific requirements.
The practice has the following technologies for the management and safe storage of electronic documents: computer system with back-up storage, firewall and anti-virus programmes.
Management of the firm’s electronic document technology is the responsibility of Martin Walker.
The types of documents to be held in the systems for managing documents are:
These are what are classed as Records of Processing Activities.
The firm has in place the following procedures, and operates the following technologies, for safeguarding the integrity of electronic documents:
Subject access requests
Any individual whose data is held by the firm may make what is called a ‘subject access request’, i.e. a request to see what data is actually held about them. All such requests should be addressed in writing to Martin Walker. Should any request be made, Martin Walker will arrange for the firm to comply with the request free of charge, unless in his reasonable professional opinion the request is manifestly unfounded or excessive, whereupon he reserves the right to refuse the request or charge for the request as he deems appropriate. In the event of any request being refused, the individual making the request must be informed as soon as possible and in any event within one month of his or her right to complain to the Information Commissioner’s Office and of his or her right to a judicial remedy.
After receiving the request, our DPO will log the request and will seek written authority if someone is requesting data on behalf of another. The data will then be located relevant data will be compiled. The data will be reviewed to ensure no third-party personal data is disclosed. If necessary, redaction and exclusion will take place. The response will be prepared which will include a copy of the data, retention periods, right to complain to ICO & Data subject rights. The response will then sent and records kept.
Data breaches
Should any member of staff become aware of a breach of any of the requirements of the Act or the GDPR, or suspect that the rights of any data subject have been or may be compromsied, they must notify Martin Walker without delay. Martin Walker will notify the Information Commissioner’s Office of any such breach or concern as soon as possible and in any event within seventy-two hours of becoming aware of any such breach or concern.
Data Protection Privacy Impact Assessment
With the introduction of new technologies for the firm, the firm may carry out a Data Protection Impact Assessment as such technologies may process client data or potentially staff data.
Review of Retention Schedules
When a review of retention schedules are required, the firm will outsource to a reputable IT company to assist in the process. However, it will include compiling a full inventory of all data types held by the firm and will use a RoPA tool for this purpose. There will be identification of applicable legal and regulatory requirements, a process to define the firm’s needs a complete risk assessment.
E-mail is routinely available to all personnel through the firm’s computers.
The following guidance is given to ensure that the facility is properly used and not abused. If there is any doubt or concern, reference should be made to Martin Walker. If a suspicious e-mail message is received, for example from an unidentifiable sender, especially with attachments, it should not be opened. Particular caution is needed where the message is from a familiar source but there is no text in the message. In such circumstances, please telephone the sender before opening that attachment to see if they have indeed sent a bona fide message to you. Alternatively, please refer the issue to Martin Walker. Where there is still doubt, the message should be deleted without being opened.
The overriding principle is that e-mail messages are to be controlled and processed to the same standards as for normal correspondence. Because e-mails, both received and sent, are processed on an individual personal computer, in the majority of instances without the knowledge of Martin Walker, there must inevitably be a high degree of trust from everyone in the use of e-mails.
The arrangements in relation to messages are as follows.
Deletion of e-mails
It is the responsibility of the individual to review regularly all stored messages and delete those that are no longer required. All staff members are asked to ensure that printed copies of messages, including draft documents, have been placed on the client file before deletion of messages.
Virus protection
The firm’s e-mail facility is protected by McAfee Virus Scan and regular protection updates will be received
Internet use
Acceptable uses of the internet are as follows:
legal research; client or practice research.
Any other personal or social use of internet facilities must be kept to a minimum and in no circumstances should any individual within the firm peruse sites that could reasonably be regarded as pornographic or offensive, unless it is necessary to do so in relation to a client’s matter.
Users must also be wary of breach of copyright from inappropriate downloads.
Secure e-mail
Walker & Partners limited have a secure email address. Secure email is a safe, efficient, alternative to regular email, fax and post. The information contained in a secure email is encrypted, so it can only be read by the intended recipient. By contrast, regular emails can be fairly intercepted and read by just about anyone. The secure email service is an important part of the process of joining up the Criminal Justice System (CJS) in England and Wales. It allows people working across the CJS who choose to participate (and indeed must participate in some instances, for example, in communications with courts, the Crown Prosecution Service, the Police, defence solicitors, barristers and Youth Offending Teams), to send emails containing restricted (i.e. sensitive data), in a secure way to each other. Only the solicitors have access to a secure email address. It is the responsibility of the solicitors to review regularly all stored messages and delete those that are no longer required. Common Platform is a case management system for HMCTS, the judiciary and professional court users including defence. Walker & Partners limited have a Common Platform defence organisation account which is necessary for attending any hearings where Common Platform is used and to access case material. Martin Walker is the administrator for Walker & Partners limited for the Common Platform.