Law Society of Scotland

Client confidentiality, legal privilege and limited exemptions

The Data Protection Act 2018 contains provisions which mean that, in some circumstances, solicitors are exempt from certain duties when dealing with personal data. This is where the personal data that the law firm is processing is subject to a duty of confidentiality to the client which could be maintained in legal proceedings, i.e. legal privilege.
If this applies, then the provisions law firms are exempt from are:

  • the requirement to provide fair processing information; and
  • the requirement to disclose personal data in response to a subject access request and from the obligation of complying with other data subject rights; and
  • all of the data protection principles in so far as they relate to the above requirements.

These exemptions exist to ensure that the obligations under the GDPR do not prejudice the confidentiality of the work that law firms are carrying out for their clients. They do not apply to all the processing of personal data that is carried out by the firm.

Client confidentiality/legal professional privilege in Scotland

It can sometimes be challenging to identify what information client confidentiality attaches to. It will not apply to all your client matters and it will not apply to all the information contained in your client files. The right to privilege and the right to waive privilege rests with your client. You should consider this matter carefully.

Legal professional privilege can be claimed by a client to avoid disclosure of documents. Broadly speaking, there are two main categories of documents to which privilege can attach:

  • Confidential communications between a client and solicitor, where the client seeks, and the solicitor gives, legal advice (legal advice privilege).
  • Confidential communications between a client and solicitor in contemplation of litigation (legal litigation privilege). This extends beyond communications solely between solicitors and clients to cover communications with third parties (e.g. experts and witnesses), but only applies where the overarching, dominant purpose of the communication is for use in actual, pending or reasonably contemplated litigation.
Law Society of Scotland | © 2025