GDPR – changes to data protection

The General Data Protection Regulation (GDPR) represents the most comprehensive and far-reaching overhaul of data protection legislation in the UK since the introduction of the Data Protection Act 1998. The primary objective of the GDPR is to give EU citizens back control of their personal data and to unify the regulatory environment for business both within and outside of the EU. As a result, every organisation within the EU will be expected to comply with the GDPR after the 25th of May 2018.
Businesses will be expected not only to comply with the new legal regime but also to demonstrate compliance to data subjects, the Information Commissioner’s Office (ICO), and third parties with whom the business may interact.
The current cap on fines under the DPA is £500,000. This will be significantly increased under the GDPR with the introduction of a tiered approach to penalties for breaches. Depending on the circumstances and extent of the breach, the ICO will be able to impose fines up to 4% of annual worldwide turnover or €20 million (whichever is greater).
The GDPR introduces a new accountability principle which requires organisations to explicitly state that it is their responsibility to uphold the principles of data protection. Accordingly, organisations need to implement appropriate technical and organisational measures to ensure and demonstrate compliance (including staff training, internal auditing, and review of HR policies and practices).
As part of the accountability, demonstrability, and auditing requirements organisations should:

  • Encourage encryption and pseudonymisation of data
  • Regularly measure and test system resilience
  • Measure data restoration and availability of access
  • Frequently test the effectiveness of physical and digital security measures
  • Consider appointing a Data Protection Officer
  • Introduce measures to produce data protection impact assessments
  • Maintain internal records of personal data processing activities
  • Take a privacy-centric approach to physical and digital security

It is not a question of IF a data breach will occur, but WHEN.

Organisations are strongly encouraged to put in place clear policies and procedures to enable prompt responses to data breaches and subsequent notifications. The policies should incorporate a clear framework of accountability in order to monitor, review, and assess data processing procedures and demonstrate compliance to any relevant authorities. The starting point for any organisation should be an analysis of the legal basis for processing personal data, to demonstrate that personal data is processed for a legitimate purpose and appropriate consent has been obtained.

GDPR came into force on the 25th May 2018; don’t get caught out!


Buying or Leasing Property


We offer advice on, and carry out work for:

  • Commercial Property Purchase and Sale
  • Commercial Leasing
  • Registration of Trademarks
  • Residential Leasing

Commercial Property Purchase and Sale

We have years of experience in helping clients purchase and sell commercial properties in Scotland, and can offer sound business legal advice where required.

During commercial property transactions it is important for our clients that they remain fully informed with valuable business legal advice throughout the course of the transaction. It is equally important that our clients are confident that we know the market.

We have experience dealing with transactions of all sizes, and offering business legal advice in all kinds of situations.

Commercial Leasing

We handle all leasing matters, from long leases to short form leases for offices, developments, retail units, licensed premises in the hospitality sector and industrial units.

Residential Leasing

New Requirements for Letting Agents

New laws have come into force requiring anyone carrying out letting agency work in Scotland to apply to be registered with the Scottish Ministers in the new Register of Letting Agents. To register they must pass a ‘fit and proper’ person test. The Register of Letting Agents is run by Scottish Ministers and all letting agents must have submitted an application for registration by 1 October 2018. Letting agents are also now subject to stringent training requirements, as well as a new Code of Practice.

The Code of Practice came into force on 31 January 2018 and sets out the standards that all letting agents operating in Scotland must abide by.

The Code sets out minimum standards in relation to a number of aspects of letting agency business, including:

  • Terms of business
  • Terminating a management agreement
  • Marketing and advertising
  • References and checks
  • Management and maintenance of properties
  • Communications and resolving complaints
  • Handling client money

All letting agents must now ensure that they issue their landlords with written terms of business which set out clearly the terms of their management responsibilities and clear costs for their services. Letting agents must also ensure that they have both client money protection insurance and professional indemnity insurance in place.

Letting agents must also ensure that they have written procedures in place in relation to rent collection, debt recovery, repairs and maintenance, ending tenancies, complaints handling and handling clients’ money.

Both landlords and tenants can now refer an agent to the First-Tier Tribunal if they believe that an agent has failed to comply with one or more of the terms of the Code. If the Tribunal finds an agent to be in breach of the Code, the Tribunal can issue a Letting Agent Enforcement Order (LAEO). This will set out the specific breach of the Code by the agent, what is required to be done by the agent to rectify the breach, and a timescale for doing so. Failure by an agent to comply with a LAEO could lead to their removal from the Register of Letting Agents. It is a criminal offence for a person who is not registered as a letting agent to carry out letting agency work.

If you wish to discuss any aspect of the new Letting Agent requirements, please feel free to contact our specialist team based in our Haddington office, who would be happy to assist you.

The new Private Residential Tenancy
The New Private Residential Tenancy in Scotland
The new Private Residential Tenancy (PRT) has come into force. All new tenancies in the private sector entered into on or after 1st December 2017 in Scotland will be the new Private Residential Tenancy. The new Private Residential Tenancy was introduced under the Private Housing (Tenancies) (Scotland) Act 2016. The Scottish Government has released a model tenancy agreement which landlords can use to create the new Private Residential Tenancy.
No new assured or short assured tenancies can be created on or after 1st December 2017.
What is a “Private Residential Tenancy”?

Section 1 of the 2016 Act provides that a tenancy is a Private Residential Tenancy where:

(a) The tenancy is one under which a property is let to an individual (“the tenant”) as a separate dwelling,
(b) The tenant occupies a property (or any part of it) as the tenant’s only or principal home, and
(c) The tenancy is not one which Schedule 1 states cannot be a private residential tenancy.

Schedule 1 to the 2016 Act lists those tenancies which cannot be private residential tenancies and they include shops, licensed premises, agricultural land, holiday lets and properties with a resident landlord.
The 2016 Act provides that the landlord has a duty to provide written terms of the tenancy and any other information which the Scottish Ministers may require by regulation. The landlord cannot charge a tenant for a written private residential tenancy to be produced. Where a written tenancy is not produced by a landlord, the tenant can apply to the First-tier Tribunal for the tenancy terms to be drawn up.
What will happen to existing assured or short assured tenancies after 1st December 2017?
Regulations have been produced which confirm that where an assured or short assured tenancy was created before 1st December 2017 and it continues in existence on that date, it will continue to be an assured or short assured tenancy. Further, where a new contractual tenancy comes into existence after 1st December 2017 at the ish of a short assured tenancy which was a short assured tenancy prior to 1st December 2017, it shall continue to be a short assured tenancy.

Once a short assured tenancy which commenced prior to 1st December 2017 and continued thereafter is terminated either by landlord or by tenant, any new tenancies being created with a new tenant thereafter shall require to be a new Private Residential Tenancy using the model agreement.
How do I repossess a Private Residential Tenancy?

The new Private Residential Tenancy provides tenants with more security of tenure than they currently have under a short assured tenancy. The “no fault” repossession route under the current provisions of the Housing (Scotland) Act 1998 will not apply to the new Private Residential Tenancy. Private Residential Tenancies will have a start date, but will not have an end date. The landlord can only look to terminate a Private Residential Tenancy where they have a ground to do so. There are four categories of grounds: the let property is required for another purpose; the tenant’s status; the tenant’s conduct; and legal impediment to let continuing. The landlord must serve a prescribed notice called a “notice to leave”, which must specify which one (or more) of the 18 grounds of repossession set out in the 2016 Act are being relied upon, and the date on which the landlord can apply to the First-tier Tribunal to seek a repossession order.
A tenant must be given a minimum period of notice before the landlord can apply to the First-tier Tribunal for a repossession order. Where the tenant has been in the property for less than six months, the period is 28 days. Where the tenant has been in the property for more than six months, the period is 84 days. Once the tenant has failed to vacate the property as at the specified date, the landlord can make their application to the First-tier Tribunal for the repossession order.

If you want more information about the new Private Residential Tenancy, please contact Kenneth Cameron.


We have experience in the creation, registration and assertion of trademark rights in a number of cases.