Privacy Policy
Introduction
This policy explains how I, Julian Smith, a self-employed barrister practising at Lincoln’s Inn Fields Chambers, comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in managing personal data.
Respecting your privacy and protecting personal data is fundamental to the operation of my Chambers.
The UK’s data protection regulator, the Information Commissioner’s Office (ICO), oversees compliance. I am accountable to the ICO for ensuring I process personal data lawfully and transparently. We are registered with the ICO under registration number ZB934625 and are accountable to the ICO for its data protection compliance.
Purpose
This policy informs clients, professional contacts, and anyone I work with of their rights and my responsibilities under data protection law. It outlines the procedures I follow to ensure compliance.
Scope
This policy applies to all personal data I process, including any information held electronically or in physical (paper) files. As a sole practitioner, I am the data controller for all data collected in the course of my professional practice.
Responsibility
I, Julian Smith, am responsible for ensuring compliance with this privacy policy. I do not employ staff, but where I instruct third parties (e.g., clerking services or IT providers), I ensure they follow appropriate data protection measures.
Data Protection Manager
As a sole practitioner, I act as my own Data Protection Manager. I am responsible for:
- Creating and maintaining this policy
- Ensuring appropriate data handling procedures
- Responding to data subject rights requests
- Reporting data breaches to the ICO, if necessary
- Ensuring compliance with data protection laws
GDPR Definitions
Personal Data
Any information relating to an identifiable person – such as name, contact details, case references, or financial data.
Special Category Data
Includes information about racial or ethnic origin, political opinions, religious beliefs, health, sexual orientation, etc. This data is afforded extra protection under GDPR.
Data Controller
As a barrister operating independently, I am the data controller for all data I collect and use in my practice.
Processing
Includes any use of data – collecting, storing, sharing, or deleting it.
Data Protection Principles
In accordance with GDPR, I ensure that all personal data is:
- Processed lawfully, fairly, and transparently
- Collected for specified and legitimate purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and kept up to date
- Kept only as long as necessary
- Processed securely
- Accountable – I must demonstrate compliance with the above.
Consent
Where consent is required, I will obtain it clearly and explicitly. You can withdraw consent at any time. I do not infer consent from silence or inactivity.
Where special category data is involved, I will rely on explicit consent or another lawful basis such as legal claims or the exercise of my legal practice.
Processing Personal and Special Category Data
I process personal data for the purposes of:
- Providing legal advice and representation
- Compliance with legal and regulatory obligations
- Maintaining client relationships and case management
Special category data is only processed where necessary and under a lawful basis, such as legal claims, substantial public interest, or with your explicit consent.
Data Subject Rights
You have the following rights under data protection law:
- Access to your data
- Correction of inaccurate data
- Erasure (in certain circumstances)
- Restriction of processing
- Data portability
- Objection to processing
Requests should be sent directly to me (contact details below). I aim to respond within one calendar month.
Accuracy of Data
I take reasonable steps to ensure personal data is accurate and up to date. You should inform me of any changes to your personal information as soon as possible.
Security of Data
I use appropriate technical and organisational measures to keep data secure. This includes password protection, encrypted devices, and secure storage of physical files.
I do not store personal data outside the UK without adequate safeguards in place.
Disclosure of Data
Data will only be shared when legally necessary (e.g., with courts, regulatory bodies) or with your explicit consent. I take great care not to disclose personal data to anyone without a lawful basis.
Retention and Disposal of Data
I retain personal data only as long as necessary and in accordance with my professional obligations.
When data is no longer needed, it is securely destroyed.
A full Retention and Disposal Policy is available on request.
Confidentiality and Data Sharing
I uphold strict confidentiality standards and only share personal data when required for legal purposes or with your permission. Where I work with third-party service providers (e.g., IT support), I ensure appropriate agreements are in place.
Data Protection Impact Assessments (DPIAs)
I carry out DPIAs when implementing or changing systems that involve the use of personal data to assess risks and ensure compliance with GDPR.
International Data Transfers
I do not transfer personal data outside the UK/EEA unless appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
Data Register
I maintain a record of:
- Types of personal data processed
- Purpose of processing
- Lawful basis
- Storage location and security
- Review dates and retention periods
Data Breaches
Any suspected data breach will be assessed promptly. If there is a risk to individual rights and freedoms, I will report it to the ICO within 72 hours and inform affected individuals where necessary.
Complaints
If you are unhappy with how your data has been handled, please contact me directly. You also have the right to lodge a complaint with the ICO:
Information Commissioner’s Office
https://ico.org.uk
Contact Details
Julian Smith
Lincoln’s Inn Fields Chambers
📍 Address: 7 Bell Yard, London, WC2A 2JR
📧 Email: enquiries@lincolnsinnfields.com
📞 Phone: +44 (0) 20 7856 0218
In partnership with:
Regulated by:
