Skip to content
Law Society of Scotland
Search
Find a Solicitor
Contact us
About us
Sign in
Search
Find a Solicitor
Contact us
About us
Sign in
  • For members

    • For members

    • CPD & Training

    • Membership and fees

    • Rules and guidance

    • Regulation and compliance

    • Journal

    • Business support

    • Career growth

    • Member benefits

    • Professional support

    • Lawscot Wellbeing

    • Lawscot Sustainability

  • News and events

    • News and events

    • Law Society news

    • Blogs & opinions

    • CPD & Training

    • Events

  • Qualifying and education

    • Qualifying and education

    • Qualifying as a Scottish solicitor

    • Career support and advice

    • Our work with schools

    • Lawscot Foundation

    • Funding your education

    • Social mobility

  • Research and policy

    • Research and policy

    • Research

    • Influencing the law and policy

    • Equality and diversity

    • Our international work

    • Legal Services Review

    • Meet the Policy team

  • For the public

    • For the public

    • What solicitors can do for you

    • Making a complaint

    • Client protection

    • Find a Solicitor

    • Frequently asked questions

    • Your Scottish solicitor

  • About us

    • About us

    • Contact us

    • Who we are

    • Our strategy, reports and plans

    • Help and advice

    • Our standards

    • Work with us

    • Our logo and branding

    • Equality and diversity

  1. Home
  2. News and events
  3. Law Society news
  4. GDPR - what now?

GDPR - what now?

30th July 2018 | Professional support , Regulation | Data protection

Tim Musson, Convener of the Law Society of Scotland’s Privacy Law Committee, discusses General Data Protection Regulation (GDPR) compliance in the post-enforcement world.

The 25 May came, and it went, the world didn’t end, and nobody was fined €20M. Does this mean that the General Data Protection Regulation (GDPR) is just a damp squib?

Since the GDPR has been enforced there hasn’t been a noticeable increase in regulatory action taken by the Information Commissioner’s Office (ICO).There have been a few cases pursued under the Data Protection Act 1998. A typical ICO investigation can take anything upwards of six months before any action is taken, so we can still expect ‘legacy’ decisions for a while.

It is worth noting, however, that no win, no fee law firms have started to operate in this sector, pursuing claims for compensation, and this will drive compliance. For those with relatively large databases of data subjects this could well prove much costlier than any fine imposed by the ICO, and may be very significant even for personal data breaches involving smaller numbers of data subjects.

Two examples will illustrate this. Recently the ICO fined the Independent Inquiry into Child Sexual Abuse £200,000 for sending an email to ninety individuals making all the recipients’ email addresses visible to each other. This was extremely sensitive data as many of the recipients were victims – an all too familiar type of breach, reminiscent of the 2016 case involving an HIV newsletter. An English law firm is advertising support for victims of the breach on their website on a no win, no fee basis.

Another recent breach was fairly well publicised resulting in personal data of customers of Ticketmaster being exposed. This was a third party supplier breach. Depending on the precise timing of the breach (relative to 25 May), Ticketmaster may be entirely liable or jointly with the supplier. The number of data subjects concerned is unclear, but is certainly several thousand. Another English law firm is advertising its services to pursue claims for this breach (again on a no win, no fee basis), indicating that a likely outcome would be an award of around £5,000 for each data subject.

This is a development which will certainly continue. It is likely that the ICO will be in a position to impose penalties under the GDPR and the Data Protection Act 2018 from around the end of this year. In the meantime, compensation cases in the courts will serve to focus attention.

The GDPR is definitely not just a damp squib.

GDPR blog

Tim Musson, Convener of the Law Society of Scotland’s Privacy Law Committee, explains why the General Data Protection Regulation (GDPR) is all-important for law firms.

GDPR Personal data breaches

Anna Drozd, policy adviser on professional issues at our Brussels Office, explains what personal data breaches are and how to report them under the GDPR.

GDPR legal basis and why it matters

Carolyn Thurston Smith, policy executive at the Law Society of Scotland, explains the legal bases in article 6 of the General Data Protection Regulation (GDPR).

GDPR changes to consent

Domhnall Dods, regulatory solicitor and GDPR expert at Towerhouse and member of the Law Society’s Privacy Law Committee, explains the changes to rules around consent in the General Data Protection Regulation (GDPR).

GDPR data protection officers

Dr Kenneth Meechan, member of the Law Society of Scotland’s Privacy Law Committee, explains the new rules on data protection officers and sets out some important tasks which all law firms should consider.

GDPR

Our guide to data protection from the perspective of a legal practice

Read more about GDPR
Add To Favorites

Additional

Categories

  • New lawyers
  • Law Society news
  • Regulation
  • Research and policy
  • Legal aid
  • Professional support
  • Wellbeing
  • Business support
  • Equality and diversity
  • International
  • In-house lawyers
  • Schools
  • For the public
  • Videos
  • Fraud alerts
  • Career growth
  • Member benefits
  • Law and technology
  • Professional skills courses
  • Aberdeen
  • Edinburgh
  • Glasgow
  • Perth
  • Inverness
  • Commercial skills for young professionals
  • Roadshow
  • CPD event
  • Working in-house
  • Public Policy Committee
  • Roadshows
  • careers
  • property (non-commercial)
  • licensing
  • Journal online news
  • Sustainability
  • Policy committees

News Archive

  • 2025
  • 2024
  • 2023
  • 2022
  • 2021
  • 2020
  • 2019
  • 2018
  • 2017
  • 2016
  • 2015
  • 2014
  • 2013

Related articles

  • New legislation to usher in major improvements to legal services regulation
  • New rule proposals aim to improve consumer protections on trusts
  • AML guidance for legal sector updated
  • Law Society members reach new career heights
Law Society of Scotland
Atria One, 144 Morrison Street
Edinburgh
EH3 8EX
If you’re looking for a solicitor, visit FindaSolicitor.scot
T: +44(0) 131 226 7411
E: lawscot@lawscot.org.uk
About us
  • Contact us
  • Who we are
  • Strategy reports plans
  • Help and advice
  • Our standards
  • Work with us
Useful links
  • Find a Solicitor
  • Sign in
  • CPD & Training
  • Rules and guidance
  • Website terms and conditions
Law Society of Scotland | © 2025
Made by Gecko Agency Limited