JP Buckley

DWF LLP

JP is a Partner and Head of the Data Protection Team at DWF, specialising in privacy, data protection and procurement. JP undertakes a wide range of information law work including data protection, cybersecurity, e-commerce, direct marketing and freedom of information - and has a range of clients in the aviation, retail and technology sectors, as well as charities and the public sector. He also has extensive experience in IT and BPO outsourcing and educational ICT, overlapping with his data privacy practice.

JP especially enjoys hosting and providing training sessions in data privacy, where he regularly provides clients and the wider business community with tailored, relevant advice and practical guidance.

JP has a substantial practice in information and data-related matters. He manages and advises on national and international compliance reviews and strategic advisory work. This includes developing, advising on and reviewing data protection compliance strategies, including for the General Data Protection Regulation (GDPR).

Contributed to

6

Are internet domain names considered ‘personal data’ for the purposes of the General Data Protection Regulation/Data Protection Act 2018?

Q&As

TMT

Assume two parties contract for services involving the processing of personal data on a controller-processor basis. If one of those entities (the controller or processor) had been required to designate an EU representative (Article 27 of Regulation (EU) 2016/679, General Data Protection Regulation), what, if any, additional provisions should each party seek to include in the data protection clauses of the agreement given that fact?

Q&As

Information Law

In a no-deal Brexit scenario where personal data will be transferred by an EU controller to a UK processor and that processor will then transfer the personal data to a subprocessor outside the UK and EU, Model Clauses in place between the EU controller and the UK processor will require the processor to impose the same obligations as in those Model Clauses on the subprocessor (or that the subprocessor co-signs those Model Clauses). Does there also need to be Model Clauses in place between the EU controller and the (non-UK and non-EU) subprocessor?

Q&As

Public Law

Must group companies wishing to share personal data enter into a data processing agreement?

Q&As

Information Law

Other work

Personal data processing clause—short-form—pro-controller

This is a short form Precedent pro-controller data processing clause drafted for use as part of a commercial agreement for general personal data processing if the parties wish to contract on a basis that complies with essential requirements of UK data protection law, and is drafted for compliance with the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679 (UK GDPR). It is drafted on the assumption that a UK processor is acting as supplier for a UK customer which is a controller of the personal data.

Information Law

Personal data processing clause—short-form—pro-processor

This is a short form precedent pro-processor data processing clause drafted for use as part of a commercial agreement for general personal data processing if the parties wish to contract on a basis that complies with essential requirements of UK data protection law, and is drafted ready for compliance with the United Kingdom General Data Protection Regulation, Assimilated Regulation (EU) 2016/679, UK GDPR. It is drafted on the assumption that a UK processor is acting as supplier for a UK customer which is a controller of the personal data.

Information Law