UK GDPR Policy

Common Legal Circle (CLC)
Date: [DD/MM/YYYY]

1. Introduction
Common Legal Circle (CLC) is committed to protecting personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines our approach to collecting, processing, storing and safeguarding personal data while ensuring the rights and freedoms of individuals are protected.

2. Scope
This policy applies to:
- All employees, associates and contractors of CLC.
- Clients, suppliers and third-party service providers handling personal data on behalf of CLC.
- Any personal or sensitive data collected, processed or stored by CLC within the UK.

3. Principles of Data Protection
CLC adheres to the following UK GDPR principles when handling personal data:
- Lawfulness, Fairness and Transparency: Data is processed lawfully, fairly and transparently.
- Purpose Limitation: Data is collected for specific, legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data Minimization: Only relevant and necessary personal data is collected.
- Accuracy: Data is kept accurate and up to date.
- Storage Limitation: Data is retained only for as long as necessary for legal and operational needs.
- Integrity & Confidentiality: Data is processed securely to prevent unauthorized access, loss or damage.

4. Legal Basis for Processing Data
CLC processes personal data based on one or more of the following legal bases:
- Consent: When the individual has provided clear, informed consent for processing.
- Contractual Necessity: Processing is necessary to fulfill contractual obligations.
- Legal Obligation: Compliance with UK legal or regulatory requirements.
- Legitimate Interest: Processing is required for CLC’s operational and business activities while balancing the rights of individuals.

5. Data Collection & Use
CLC collects and processes personal data for:
- Legal representation, case management and client advisory services.
- Employee records, payroll processing and administrative functions.
- Business operations, compliance and regulatory reporting.
- Marketing and communications (subject to consent).

6. Data Subject Rights
Under UK GDPR, individuals have the following rights:
- Right to Access: Request access to personal data held by CLC.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure (Right to be Forgotten): Request deletion of data under specific circumstances.
- Right to Restrict Processing: Request limited use of personal data.
- Right to Data Portability: Request data transfer to another service provider.
- Right to Object: Object to certain types of processing, including direct marketing.
- Right to Lodge a Complaint: Submit concerns to the UK Information Commissioner’s Office (ICO).

7. Data Security & Protection Measures
CLC implements strict security measures to protect personal data, including:
- Role-based access controls to limit data access to authorized personnel.
- Encryption and secure storage of digital and physical records.
- Regular audits to ensure compliance with UK GDPR.
- A data breach response plan to mitigate and report incidents promptly.

8. Data Retention & Disposal
CLC retains personal data only as long as necessary for:
- Legal and professional requirements.
- Contractual obligations with clients and third parties.
- Security and compliance purposes.
When data is no longer needed, it is securely deleted or anonymized following UK GDPR guidelines.

9. Data Sharing & Third Parties
CLC may share personal data with third parties under the following conditions:
- When required by law, court orders, or regulatory bodies (e.g., ICO or legal authorities).
- When engaging GDPR-compliant third-party service providers.
- When necessary for legal case collaboration subject to client authorization.
All third parties handling CLC data must adhere to strict confidentiality and security standards.

10. Breach Notification & Incident Response
In the event of a data breach, CLC will:
- Identify and contain the breach immediately.
- Assess the impact and take remedial actions.
- Notify affected individuals and the ICO within the legal timeframe (typically 72 hours if necessary).
- Implement corrective measures to prevent recurrence.

11. Compliance & Review
CLC regularly reviews and updates this policy to ensure ongoing compliance with UK GDPR and data protection laws. This policy is reviewed annually or as required by changes in legislation.

Signed,
[Jaswant Singh]
Common Legal Circle (CLC)
Date: [DD/MM/YYYY]
