SAR-NCS-STPHEN RIMMER LLP
The Case File > legal-correspondence
📎 Transparency Note – Provenance, Integrity and Archival Status of the PDFs
This page reproduces, for purposes of defence, research, and procedural transparency, two official PDF documents obtained through lawful disclosure and preserved under the same archival standards applied throughout this dossier. Both files originate from institutional sources and are included to ensure that the factual record remains accessible, verifiable, and available for contestation‑proof analysis. Their presence enables a coherent reconstruction of events and supports the exercise of the right of defence.
📄 Permitted Use and Restrictions
The PDFs published on this page are authorised exclusively for study, research, evidentiary reconstruction, and public‑interest scrutiny. Any use outside these permitted purposes — including legal use against this website or its owner — is strictly prohibited. The documents are provided solely to support transparency, procedural review, and the safeguarding of fundamental rights.
🧾 Scope of the Page
This page presents a structured critique of the procedural conduct of Stephen Rimmer LLP, including the handling of a Subject Access Request (SAR) and the firm’s response to formal disclosure requests submitted through legal representation. The assessment integrates evidentiary commentary, cross‑border legal analysis, and a review of the firm’s compliance with UK GDPR, EU GDPR (Art. 3(2)), the Data Protection Act 2018, and relevant Italian legal frameworks.
As stated throughout this dossier:
“The documents published herein are indispensable for the reconstruction of the facts and for the exercise of the right of defence.”
🧾 Civic Observer – Evidentiary Assessment of Solicitors’ Conduct and Cross‑Border Data Rights
1. Procedural Context
Two parallel and legitimate channels were active:
- a formal disclosure request submitted by Italian legal counsel, seeking the complete client file;
- a Subject Access Request (SAR) submitted directly by Mr Riccardo Gresta to his former solicitors, Stephen Rimmer LLP.
The firm elected to respond only to the SAR, disregarding the formal request transmitted through legal representation.
This selective engagement constitutes a procedural irregularity, as defence rights exercised via counsel and privacy rights exercised via SAR operate concurrently and independently.
This selective engagement constitutes a procedural irregularity, as defence rights exercised via counsel and privacy rights exercised via SAR operate concurrently and independently.
2. Identity Verification Demand
On 30 September 2025, the firm (via Ms Cheryl Hinton) acknowledged the SAR but imposed a condition: identity certification by an “Italian Solicitor.”
This requirement was:
- legally impossible, as the professional title “Solicitor” does not exist in Italian law;
- disproportionate, given that Italian legislation (D.P.R. 445/2000) provides a lawful and recognised alternative through self‑declaration;
- unnecessary, as the British passport supplied by Mr Gresta could have been verified autonomously via HM Passport Office or the Home Office.
Mr Gresta complied fully by providing:
- a valid self‑declaration under Italian law;
- a British passport, suitable for direct verification.
Despite this, the firm suspended the SAR and did not proceed with disclosure.
3. Evidentiary Commentary (Civic Observer)
Civic Observer notes the following critical points:
3.1 Ignoring Counsel
The firm disregarded the formal disclosure request submitted by Italian counsel, responding exclusively to the SAR.
This omission undermines the procedural rights of representation.
This omission undermines the procedural rights of representation.
3.2 Unlawful Obstruction
The certification requirement—impossible to fulfil under Italian jurisdiction—served to suspend statutory GDPR deadlines without lawful basis.
3.3 Lawful Alternative Provided
Italian law offered a proportionate and valid method of certification, which was duly supplied.
3.4 Autonomous Verification Available
The British passport could have been verified directly by UK authorities, without reliance on external certification.
3.5 Non‑Compliance
Despite clear identification and supporting documents, no disclosure has been made to date.
4. Legal Analysis of the Firm’s Conduct
4.1 Certification Requirement
The request for certification by an “Italian Solicitor” violates:
- Art. 5(1)(c) GDPR – data minimisation;
- Art. 12(3) UK GDPR – timely response;
- principles of proportionality and jurisdictional accuracy.
4.2 Delay and Transparency
The firm failed to specify the SAR receipt date, a mandatory element for calculating statutory deadlines.
In the absence of confirmation, the effective start date remains 24 August 2025, establishing a deadline of 23 October 2025.
In the absence of confirmation, the effective start date remains 24 August 2025, establishing a deadline of 23 October 2025.
4.3 Cross‑Border Compliance
By invoking the requester’s residence in Italy, the firm triggered Art. 3(2) EU GDPR, requiring compliance with EU and Italian standards.
Failure to recognise this dual applicability raises competence concerns.
Failure to recognise this dual applicability raises competence concerns.
4.4 Potential Unauthorised Practice of Law
Instructing a resident to engage with a non‑existent professional category may fall within the conceptual scope of Art. 348 Italian Criminal Code (unauthorised practice).
While formal assessment rests with Italian authorities, the issue highlights a lack of jurisdictional awareness.
While formal assessment rests with Italian authorities, the issue highlights a lack of jurisdictional awareness.
4.5 Aggravating Factor – Signatory Status
The certification request appears to have been issued not by a qualified solicitor, but by administrative staff.
This raises concerns regarding:
This raises concerns regarding:
- delegation of legally significant instructions;
- professional accountability;
- compliance with SRA standards.
5. Professional Conduct Implications
The facts may engage the Solicitors Regulation Authority (SRA) Principles (2019):
- Principle 2 – Act with integrity
- Principle 5 – Provide a proper standard of service
- Principle 7 – Comply with legal and regulatory obligations
The handling of an international SAR, particularly where dual jurisdictions apply, appears inconsistent with these duties.
6. Formal Complaint to the SRA
On 20 October 2025, a formal complaint was submitted to the Solicitors Regulation Authority, requesting investigation into:
- compliance with SAR procedures;
- legality of the certification request;
- whether delays and omissions constitute misconduct;
- the role and authority of the staff member issuing the instruction.
Supporting documentation included correspondence, legal analysis, and references to Italian law.
7. Notice of Potential Publication
In accordance with:
- Art. 6 ECHR – right to a fair trial;
- Art. 10 ECHR – freedom of expression;
Mr Gresta has stated that, should disclosure remain withheld, he may publish a factual reconstruction based solely on materials lawfully in his possession.
Any such publication will respect GDPR, privacy, and defamation law, and will serve exclusively to ensure transparency and factual accuracy.
Any such publication will respect GDPR, privacy, and defamation law, and will serve exclusively to ensure transparency and factual accuracy.
📑 Conclusion
This case illustrates the structural challenges of cross‑border compliance between UK legal entities and EU‑based individuals in the post‑Brexit landscape.
While no intentional obstruction is presumed, the combination of:
While no intentional obstruction is presumed, the combination of:
- procedural misunderstanding,
- jurisdictional inaccuracy,
- and unjustified delay
has resulted in substantive non‑compliance with statutory data‑access obligations.
The matter is now under review by the Solicitors Regulation Authority, which will determine whether the conduct meets professional and ethical standards.
🗂️ Consequences of Non‑Disclosure – Stephen Rimmer LLP
Due to the firm’s failure to provide the requested documents, Mr Gresta has proceeded with a factual reconstruction based solely on:
- his personal recollection;
- official materials previously acquired during criminal proceedings.
In the absence of disclosure, this reconstruction must be regarded as substantially reliable, as it reflects uncontested procedural records.
Should the firm later transmit documents that were:
- previously withheld,
- presumed destroyed under internal retention policies,
- or lacking guarantees of integrity and provenance,
such materials cannot be considered authentic or valid for defensive verification.
Any delayed production of compromised records:
- cannot remedy prior omissions;
- cannot be treated as a legitimate SAR response;
- remains inadmissible for the purposes of factual reconstruction.
Responsibility for the non‑disclosure lies entirely with the data controller.
Any subsequent transmission will be assessed in light of the reconstruction already submitted by the data subject.
Any subsequent transmission will be assessed in light of the reconstruction already submitted by the data subject.
Procedural Closure – Status Recorded
This notification was formally issued to all relevant entities, who were offered the opportunity to provide clarifications or counter‑documentation. As of the present date 21 February 2026, no objections, corrections, or alternative factual reconstructions have been submitted. The notification phase is therefore considered procedurally closed. A right of reply remains available, but any late submissions will not alter the factual framework established during the notification period.
The Record Speaks
