(N.B. Remember there is also a £4,115 cost of taking SQE1 and 2 exams themselves.)
We have been asked by several Aspiring Solicitors where they can find a list of providers of training for the SQE. So, we have done a bit of spade work to bring together in this blog what we can find. Please do not regard this as the definitive source of data – but we hope it will be a helpful resource for you.
We understand that some of the larger law firms will be offering to provide the SQE training internally. We understand that some universities will be offering to cover SQE preparation in their courses. Several will be offering a separate SQE preparation course. As there are so many and they can be found from the SRA List below we have not put details here.
Some firms will avail themselves of the ability to offer Solicitor Apprenticeships, where the government will cover the SQE preparation fees and the exam costs - see here for more info: https://hunningsconsultancy.co.uk/apprenticeships-the-sqe-how-this-can-save-you-money/
SRA List
The SRA has a list of SQE Training Providers who have registered to use the SRA trademark so far. That does not mean that they will actually provide training. The SRA wrote that details of further providers will be added in due course. Here is a link to the list. It is just a list and when we checked many of the links to websites did not work. Very few seem to have published what fees they will charge.
https://www.sra.org.uk/students/sqe/training-provider-list/
Australian. Self-Styled Disrupter
Offering on-line training at low prices. Will not be part of the Apprenticeship Scheme.
As reported in the LS Gazette in Feb 2021: “The college has designed a range of virtual programmes, a SQE1 preparation course costing £1,800 and a SQE2 preparation course costing £2,300. These are two of three core learning areas, the other comprising legal skills modules, which can be taken in isolation or grouped together as part of a Master of Laws (LLM) in Legal Practice. The SQE programmes are available as a 12-week full-time course or a 20-week part-time course.” Pricing for 2025 seems to be £4,500 - £4,900 for SQE1 & 2.
https://www.collegalpractice.com/sqe
A provider from the USA. Plan to be part of the Apprenticeship Scheme.
Were the first to enter the market. They offered the preparation training for both the SQE1 & 2 at a cost of about £6,000.
As their name suggests, they come from a background specialising in helping foreign lawyers from various countries around the world to qualify as solicitors in England and Wales (Qualified Lawyers Transfer Scheme). As the SQE exam is based to a large extent on the old QLTS scheme, this gives them many years of expertise in preparing candidates for this types of exams. They also offer free Mock Tests: FLK1, FLK2 & SQE2.
They have stated that they will prepare students, paralegals, apprentices and foreign qualified lawyers for SQE1 & 2 with a cost between £4,000 and £6,000, depending upon options chosen.
The traditional provider that for older solicitors was the College of Law. Part of the Apprenticeship Scheme.
The University of Law has developed an LLM Legal Practice course costing between £14,000 and £18,800.
https://www.law.ac.uk/study/postgraduate/sqe/courses/
A Kent based Legal Training company.
Fees for SQE1 & 2: £4,900. The provider is also offering a discount for students who have completed the Legal Practice Course or an undergraduate degree.
Recognised providers of training courses to the legal profession. SQE1 & 2 £13,400 if out of London or on-line or £15,800 if in London.
https://www.bpp.com/courses/law/postgraduate/sqe
Also provide CiLex Training. Only providing SQE1 prep for the moment (summer 2022). Cost: between £2,500 & £3,000. S
https://brightlink.org.uk/sqe/#1646675255913-3dd6e956-90f9
Previously a provider of QLTS OSCE training and now offers preparation for both the SQE1 and SQE2. They offer 1-to-1 SQE2 mock simulations with personalised feedback, priced at £120 each. Additionally, they provide SQE law and skills pre-recorded lectures at a cost of £35 each, along with revision live lectures priced at £25. These law lectures are specially designed for non-native speakers and include concise and structured notes. Option to purchase a discounted package, with the SQE1 and SQE2 package priced at £3,439. Alternatively, services can be purchased standalone.
They say they provide coaching to help candidates prepare for SQE2 in an affordable and flexible way. We cannot see pricing from the website. We were made aware of this by a candidate in Dubai who thought they focus on people in the Middle East, although there is no mention of that on the website. They seem just to focus on prep for the SQE2 exam, not SQE1.
We have blogged extensively about QWE and invite you to visit some of the blogs. URLs are listed below.
Should you not have a solicitor who can 'Confirm' your QWE then WE CAN HELP.
Here’s a link to how: https://hunningsconsultancy.co.uk/external-qwe-certification-service-2/
For information about the SQE see here: https://hunningsconsultancy.co.uk/the-new-sqe-exam-and-qualification-method/
Here is a link to our YouTube channel. On there you will find many videos explaining about the SQE, QWE and applying for exemptions from the exams. Also full videos of webinars we have delivered with info about this & the Q&A session that follows the talk. If you think this might be helpful, might we invite you to subscribe so it reaches more people?
Fill in the form below or feel free to contact Ingemar on: 07887 524507 or [email protected]
We are honoured to have been invited to attend an AML Roundtable meeting called by the SRA where they intend to discuss their findings from the first 74 firm AML audits that they have carried out (Sept 2019 to Oct 2020). They learned that there were a number of consultants assisting firms to be compliant. They have invited representatives of those consultants to contribute "with the aim of ensuring standards, driving consistency and ultimately assisting in the prevention of financial crime." "The idea is to share our expectations, discuss challenges and start a dialogue."
Below is a summary of the SRA findings.
We are a supervisory authority under The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 ("the regulations"). We have a role in checking firms are complying with the regulations and ensuring they have effective AML policies controls and procedures in place.
To help fulfil this, in 2019 we began an ongoing programme of firm reviews.
We looked at the firms' approaches to preventing money laundering in 10 key areas. In each area we have outlined what the regulations say, our expectations, what we found, good practice and areas for improvement.
From September 2019 to October 2020, we visited 74 firms to review their AML policies and procedures and to see how these were being applied on a sample of the firm's files. We are grateful to the firms we visited for their time and insight into their work to prevent money laundering, particularly when the Covid-19 pandemic has disrupted work across the sector.
Overall, we found that the areas needing the most work from firms were:
The firms we saw were, for the most part, united in their determination to keep the proceeds of crime out of their client accounts, and we were able to assist many of them in meeting their obligations.
We saw a mixture of good and poor practices, but generally it was clear that in most practices there was a will to prevent money laundering and to comply with the regulations.
Audit was a particular matter of interest. While firms generally had an understanding that they needed to keep their policies, controls and procedures updated, a number of firms failed to monitor their effectiveness.
When reviewing firms' files, we found that in a large number there were differences between policies, procedures and what the money laundering compliance officer (MLCO) said should have happened, and what actually happened on the ground. This was often because the fee earners were not following procedures, something that could have been identified and rectified sooner if a compliant audit had been carried out.
Where we referred firms for further investigation, this was because what we saw suggested a systemic lack of compliance such as:
This document should act as a guide to other firms on how they should approach the areas we now understand firms are unsure about.
Here is a link to the full report: https://www.sra.org.uk/globalassets/documents/sra/research/anti-money-laundering-aml-visits-2019-2020.pdf?version=4ada2c
We provide a full suite of Compliance Support for law firms and other professional service firms (insofar as AML, Data Security & Cyber Security). We invite you to look at the drop down menus at the top of this page. Feel free to call us on 07887 524507 or email on [email protected]
We have spotted the following release. The changes largely seem to to reflect the change in practice brought about by the pandemic: allowing for electronic signature, removing the need for certain things to be read aloud in open court and specifically extending the end of some Covid measures from the end of March to the end of October 2021.
Practice Direction Details:
Practice Direction Details
Practice Direction Details
A full copy of the Practice Direction update may be found here: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/962218/PD_Update_1_of_2021_Feb21.pdf
We are a 'One-Stop-Shop' for Business Support for Law Firms and other Professional Service Firms. We invite you to have a look at our services from the 'Services' and 'Compliance Support' drop down menus at the top of this page. If you don't see what you need then ask. We will frequently bespoke for clients. If we don't supply the service (eg marketing, bookkeeping or HR) we will know someone we can recommend.
Contact Ingemar on 07887 524507 or [email protected].
The EU Commission on 19th February 2021 published a draft adequacy decision in favour of the United Kingdom. This is good news and whilst not a final decision is bodes well for UK businesses who trade in the EU.
Following the UK’s exit from the European Union and the end of the transition period on 31st December 2020, the UK became a Third Country in terms of our relationship with the EU. In respect of data protection this means that transfers of personal data from the EU to the UK can only take place under certain circumstances, to ensure sufficient safeguards are in place to protect EU data subjects. These safeguards must be put in place by any UK company that offers goods or services, or monitors the activity of EU citizens. Broadly speaking the main safeguards are:
Standard Contractual Clauses (SCCs) (most commonly used)
Binding Corporate Rules (BCRs) (for large corporates)
Derogations under Article 49 of the GDPR (rarely used)
An adequacy decision by the EU Commission
Most of the above safeguards involve a lot of paperwork, often legal fees and following a recent CJEU court case, the use of SCCs (the most common and likely route for most companies) entail additional actions including risk assessments on a “case-by-case” basis etc. A Third Country that received an adequacy decision however, is free to transfer data unhindered by red tape.
In order to reach an adequacy decision the Commission, along with other EU bodies, assess the data protection laws of the importing country and pay particular attention to the degree and ease of access by government to personal data. The recent demise of US Privacy Shield in the Schrems 2 case, and the absence of any adequacy decision in favour of the US, is largely down to the degree of access that US intelligence agencies have to personal data of non-US citizens. Additionally, at present there is no federal data protection legislation spanning the whole US. Currently only 12 countries have been given adequacy decisions.
Current European data protection legislation has its roots very largely in the European Convention on Human Rights. The Commission appears to be favouring UK 'adequacy' (which requires "essential equivalence" with the EU in the protection of personal data) based to a large extent on the U.K.'s ratification of that Convention which guarantees the "right to a private and family life". But importantly the Commission also accepts that government access to personal data is only permitted under specific circumstances, mainly around public safety/security. This is detailed in the Convention but the U.K. Human Rights Act 1998 dictates that any public authority action must be consistent with the Convention to which the U.K. has signed up. I think the apparent acceptance of this point by the Commission is key, because one of the reasons adequacy was in doubt was EU concerns over potential government access to data.
Another key factor in this decision was the fact that the UK, having been bound by the GDPR as members of the EU, have now, through the European Withdrawal Act 2018 and the ‘easy for you to say’ Data Protection, Privacy & Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019, brought the GDPR into UK law as the UK GDPR. This being supplemented by the Data Protection Act 2018. This means that it would be difficult for the Commission to argue that the UK does not have “essentially equivalent” data protection rules to those of the EU.
New data protection laws appear to be sweeping the globe, and the US is currently discussing possible implementation of federal legislation. I would anticipate more adequacy decisions in coming years, especially as the free flow of data is so fundamental to international commerce.
We are not out of the woods yet but this is certainly a positive step and we await final adoption with baited breath! This will last for a 4 year period before being reconsidered.
It is worth pointing out however, that even in the case of adequacy, UK businesses offering goods or services in the EU/EEA, who do not have an establishment within the EU/EEA, must be aware that they will probably need to appoint a representative in the EU/EEA.
This is a service we can offer so if you are affected by this please contact us for details.
07887 524507 or [email protected]
Written by our Data Protection Officer: Nick Richards CIPP/E
Please note that we offer DPO as a service. Here is more information: https://hunningsconsultancy.co.uk/dpo-service-data-protection-officer/
Practice Direction Update 127 publicised by the MOJ on 11th Feb and coming into force on 6th April 2021. There are changes to:
There are other provisions. For the Practice Direction Update Summary follow this link: https://www.gov.uk/government/publications/practice-direction-update-127-civil-procedure-amendment-rules-2021?utm_medium=email&utm_campaign=govuk-notifications&utm_source=d820c4ee-a7d0-43fd-9991-86be1f2d45df&utm_content=daily
For a pdf of the full Practice Direction Amendments click here: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/960367/127-cpr-update.pdf
Whilst on this page may we invite you to take a look at our other services (see the drop downs at the top of this page). We provide all round Business Support for Law Firms, everything to allow a busy partner to get on with the client work. We have assisted over 350 law firms, direct access barristers and in house-legal. Everything from Compliance to on your Case Management System (LEAP, Proclaim & Clio), from Mentoring to Setting up a New Law Firm. Ask about running your firm and we're probably able to help. 07887 524507 or [email protected].
This has been missed by many solicitors. As part of our service to our clients taking our Office Procedures Manual Service, we questioned this with the SRA and have obtained clear guidance in a letter from the SRA.
Below is the note issued by the SRA on 5th January. We do not think they will sanction you if you register now. For most solicitors handling conveyancing you will already be within the AML scope because you do property work and therefore will be already supervised for Anti- Money Laundering. It would seem that the form FA10b would be the one you would use. It is a very simple and quick job to complete and file this to inform them you advise on SDLT. It seems to be just a question of informing the SRA.
"Solicitor firms have until Sunday (10 January) to check if any tax advice work they carry out falls under a new definition for money-laundering purposes.
Last year’s fifth Anti-Money Laundering Directive brought in amended regulations, with the definition of ‘tax adviser’ widened to include more activities than before. Any firm that finds it is now in the scope of the regulations needs to have applied to us or another AML supervisor, such HM Revenue & Customs to be supervised for money laundering before 10 January.
We have produced guidance on tax advice and AML for firms to help them determine whether or not they will fall within the scope of the regulations.
Paul Philip, Chief Executive, said: “Tackling money laundering is a priority for all of us and we know the vast majority of firms are committed to keeping the proceeds of crime out of the profession. Importantly, the amended regulations widen the definition of tax adviser, which means firms not currently engaged by the anti-money laundering regulations will shortly be included.”
“Any firm providing tax advisor services must check the position and, if necessary, apply to us or another AML supervisor. Alternatively, you might choose to drop the activities that bring you into scope.
“Whatever you choose to do, you need to have made that decision and acted accordingly before 10 January.”
The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (‘the regulations’) were amended on January 10, 2020. Tax adviser is now any firm or individual “who by way of business provides material aid, or assistance or advice, in connection with the tax affairs of other persons, whether provided directly or through a third party”.
Any firm now in scope needs to submit to us a completed FA10form including providing suitable Disclosure and Barring Service (DBS) checks for beneficial owners, officers and managers at their firm. They also need to make sure they comply with the regulations, other relevant statutes and our guidance, by 10 January 2021.
This includes assessing the risk for their in-scope business activities, as well as complying with other guidance and warning notices on AML, and Legal Sector Affinity Group guidance.
Those find that they carry out activities that are in scope of the new definition of tax adviser but will stop these activities before 10 January 2021, then no action is needed.
Anyone that needs further information can contact our Professional Ethics helpline. Ethics advisers however cannot decide whether a firm is in scope or not, only the firm can do that"
Please feel free to contact us if you have any questions or would like to know more about how we may assist you with your compliance. 07887 524507 or [email protected] we cover all things linked with the SRA, have a national expert on the Solicitors Accounts Rules and indeed offer a DPO Service (Data Protection Officer) and assistance with Cyber Security and data breach. Please see the drop down at the top of our website for a list of our services. If you do not see what you are looking for please ask. We will bespoke for clients as well.
Ingemar has interviewed a prominent broker for Legal PII with access to the whole Professional Indemnity market. This is what he said:
“Cyber security is an area that Insurers are asking more and more questions about in respect of a firms PII. With the Insurers pretty much on for any loss from the client account, then they will always have a keen eye on what measures a firm takes to protect the client account from both an internal and external perspective. The question of cyber security has been brought even more to the fore during the pandemic, as so many firms have had staff working from home. Therefore, Insurers are very keen to understand that a firm has the same security for their systems when being used remotely as when they are being used in the office.
There is one Insurer that now even goes as far to make all PII quotations subject to a cyber audit. The client pays for the audit (cost ranges from £350 plus VAT to £1,000 plus VAT dependent on the firm) within their overall premium and involves a remote penetration test being carried out on their systems. A report is issued after the test to the client and will include system improvement requirements which the client has to implement within 90 days of the report being issued.
As for Cyber Essentials and Cyber Essentials+, then there is no direct correlation between having this and the PII premium, which is the same as something like Lexcel. However, what it does demonstrate to an Insurer is that a firm is operating to a certain standard in relation to the management of a particular risk, so they have to make less assumptions on that firm and allows them to discount the rate.
It is my understanding that there are Insurers that will offer more favourable terms to firms that have Cyber Essentials but only in respect of Cyber Liability Insurance. One insurer agrees to reduce the policy excess to Nil if the firm has Cyber Essentials as one example of concessions available on Cyber Liability policies.”
HCL can assist you in obtaining cyber security accreditations: Cyber Essentials, Cyber Essentials+ and IASME. We can also assist if you suffer a Data Breach. Finally, HCL offers a DPO service where you may buy in the services of our Data Protection Officer just for the number of hours you need a week or month, or indeed for a specific review or project. Contact us on 07887 524507, [email protected] You can follow this link for our DPO service: https://hunningsconsultancy.co.uk/dpo-service-data-protection-officer/
High Court decision from November 2020 in the case R (on the application of Aviva Insurance Ltd and Swiss Reinsurance Co Ltd) v. Secretary of State for Work and Pensions [2020] EWHC 3118 (Admin).
The High Court found that defendant insurers do not have to repay to the government all of the state benefits paid to the successful Claimant.
The reason was that it was incompatible with Article 1 of the First Protocol to the Convention for the Protection of Human Rights and Fundamental Freedoms, i.e. the entitlement to the peaceful enjoyment of his possessions; Article 1 states that “no one shall be deprived of his possessions except in the public interest and subject to the conditions provided for by law and by the general principles of international law.”
Specifically they held that the Social Security (Recovery of Benefits) Act 1997 was incompatible in 3 ways:
a) The requirement to repay 100% of the recoverable benefits even where the underling claimant (i.e. the person seeking compensation) is found to be contributorily negligent;
b) The requirement to repay 100% of the recoverable benefits even where the underlying claimant’s “divisible” disease is in part unconnected with the insured’s tort; and
c) The requirement to repay 100% of the recoverable benefits even where other tortfeasors would normally be liable for an indivisible disease but they or their insurer cannot be traced.
What does this mean in practice? It will become clearer when the parties make further submissions with regard to the remedies in that case.
The case was brought by insurers for the defendant in an industrial disease case. They were challenging having to pick up the tab for all state benefits even if the claimant was found to have been contributorily negligent, or certain heads of claim were not proved or there was compromise. Therefore it will have most direct force in industrial disease cases. However, I would have thought it would have strong persuasive power in all PI & Clin Neg cases. The court found that the 1997 Act was incompatible with Article 1 from the date the Human Rights Act 1998 came into force (2nd October 2000).
This adds a lot of uncertainty for the next little while until issues can be clarified. However, it raises the possibility of the insurers NOT having to pay back as much to the CRU. If they don't have to pay it back to the CRU then they shouldn't be making the corresponding reduction in damages to the Claimant. Interesting. Certainly with disease cases settled from 2nd October 2000 onwards there may be the an argument for examining them to see if the insurers can claim reimbursement for over-recouped state benefits and thus further compensation for the claimants (or their estates). Would the same go for general PI & Clin Neg? I could see a bit of an industry developing in reopening settled disease cases and challenging the settling insurer for return of 'over-recoupments', causing them to challenge the CRU for return of these sums.
Here is a link to the full judgment from 20th November 2020: https://www.bailii.org/ew/cases/EWHC/Admin/2020/3118.pdf
Here is a link to the follow up judgment on this case handed down on 12th January 2021: https://www.bailii.org/cgi-bin/format.cgi?doc=/ew/cases/EWHC/Admin/2021/30.html
Many firms doing PI use the Proclaim case management system. If you need help with configuring your Proclaim system, then we can help. Please feel free to contact us on [email protected] or 07887 524507. Here is a link to some information about the support we can give Proclaim users: https://hunningsconsultancy.co.uk/proclaim-support/
Costa and Caffé Nero strike me as a great example. It’s a mixture of strategy and luck. Of all the major coffee chains, Caffé Nero is my favourite. I like their coffee and the Italian feel. I’m told I am their typical customer. (I was told so by one of our law firm clients, who does Caffe Nero’s property work). However, it would appear to me that Costa have had a better business strategy, which has prepared them better for the pandemic (the luck bit).
Both sell pretty much the same things – coffee with something to eat. I have seen, however, over the last 4 or 5 years Costa has transformed its method of delivery. Both started off from the same position: selling to customers who came into their café. They did sell some takeaways, but the main thing for them was to have a café full of people – the café culture. I remember in about 2015 or 2016 going to some trade show and being told by a rep how Costa was trialling out this new machine that allowed you to get your costa coffee auto-dispensed. More recently others (Starbucks in particular) have followed them, but Costa led the way. These machines proliferated across the country, in other shops, such as service stations which allowed Costa Coffee to extend their reach without having to take on new property and staff. New Method of Delivery 1. Then they started to build Drive-Throughs, mostly at the side of their existing cafes. New Method of Delivery 2. That has placed them well to extend their reach to passing trade. Costa were always more widely dispersed than Caffé Nero around the regions and on the outskirts of towns as well as the centres, whereas Caffé Nero largely appeared to me to stay in the centre of towns. That also added flexibility.
Along comes the pandemic. Caffé Nero has struggled and gone into a CVA (Company Voluntary Arrangement). Although Costa has announced redundancies, it seems to have coped a lot better.
So why am I writing this, when HCL’s focus is providing Business Support to the Legal Profession and other Professional Services firms? I am a great believer in learning from all types of business. There are things in one sector that may serve as lessons for another. I don’t think the customers/clients make quite as much distinction between one sector and another as the people in them do.
So, what comparisons can we draw from this? Is it worth asking yourself how you deliver your services to your clients and potential clients? Most law firms and indeed other professional services firms give a tailored service to their clients but the services themselves are pretty much the same. The connection that the business has with clients and how they deliver distinguishes them. Traditionally clients would visit the office for meetings and then there would be correspondence and phone calls to move things along. Emails came along and the speed of response picked up. Instead of the 2 week window for a reply, the reply could come back the same day. Before the pandemic some firms were using video calls with clients, but it was not mainstream. Some were using text and social media to communicate, but again it was not mainstream. Some case management systems offered a portal through their website for clients and some firms adopted this, or had their own developed. The pandemic has speeded up adoption of these technologies. However, I suspect we are only in the early stages of where the professions could go in diversifying delivery of their knowledge-based services to their clients. Technology is becoming a huge facilitator. The clients have also been affected by the pandemic, which has changed their attitude and created a willingness to consume professional services electronically and remotely. This offers opportunities and dangers. Will the professions squander their position as trusted advisers through 121 attention? Will they engage in a race to the bottom? Will they realise that their potential market is limited only by regulatory and jurisdiction boundaries? Also, the talent pool is now limited by requisite qualifications & experience, but not so much by location. The legal profession has been poor at devising retainer and repeat business. It is mostly transactional. It is even poorer at devising passive income streams. Without these partners will continue to be disappointed by the valuations of their firms when they look to sell.
So, back to Methods of Delivery. What are yours? Look at it from the client’s point of view. What would they like? What would make a difference to the speed of matters from enquiry to cash in the bank. What would cause them to sing your praises to family & friends? Crack that and your business will be humming.
The Brexit transition period ended on 31st December 2020. After that date, the UK became a Third Country in the eyes of the EU and thus transfers of personal data need to be looked at differently. Transfers of personal data from the EU to a Third Country are required under the GDPR to be protected by safeguards in order to ensure “essential equivalence” with EU data protection standards. There are various options in order to comply, as follows:
It was always unlikely that the UK would secure an adequacy decision by 31st December, and there was concern that any business offering goods or services, or monitoring the behaviour of EU individuals, would need to implement SCCs immediately after 31st December.
The good news is that under the UK-EU Trade Agreement finalised on 24th December, whilst adequacy was not awarded, the EU has allowed a grace period of 4 months from 1st January (which can potentially be increased to 6 months and most likely will be) whereby personal data can continue to flow freely from the EU to the UK without the need for further safeguards. The grace period (known in the agreement as the ‘specified period’) will end sooner if an adequacy decision is awarded within the 4/6 months. The UK government has already agreed that data can continue to flow freely from the UK to the EU.
Notwithstanding the above ‘breathing space’ there is no certainty that the EU will award the UK an adequacy decision anytime soon, as they have concerns regarding UK government access to personal data, and there is also some concern that organisations could potentially use the UK as a ‘back-door’ into the USA, thus circumventing the Schrems 2 ruling. Indeed, the Information Commissioners Office (ICO) has stated on 28th December that “As a sensible precaution, before and during this period, the ICO recommends that businesses work with EU and EEA organisations who transfer personal data to them, to put in place alternative transfer mechanisms, to safeguard against any interruption to the free flow of EU to UK personal data”. By “alternative transfer mechanisms” in most cases we can read this as SCCs.
It would therefore be sensible for any organisations that offer goods or services or monitor the behaviour of EU individuals to get SCCs in place as soon as possible. Just to clarify what is meant by “monitoring behaviour” Recital 24 of the GDPR states that “In order to determine whether a processing activity can be considered to monitor the behaviour of data subjects, it should be ascertained whether natural persons are tracked on the internet including potential subsequent use of personal data processing techniques which consist of profiling a natural person, particularly in order to take decisions concerning her or him or for analysing or predicting her or his personal preferences, behaviours and attitudes.”
Our advice for any companies meeting the above criteria is to prepare SCCs, make some minor adjustments to your documentation to reflect changes in the legislative landscape e.g., the Data Protection Act 2018 and the UK GDPR so that you are well prepared and fully compliant.
[email protected] or [email protected] or 07887 524507
Written by Nick Richards, our DPO. For further info on our Data Protection Officer Service click here: https://hunningsconsultancy.co.uk/dpo-service-data-protection-officer/
