GDPR and Data Protection

Managing data can be complex and challenging. Incorrect management can cause huge harm to your brand's reputation and to people's privacy.

The consequences for non-compliance can be significant.

Data is key to modern day life, with more and more information being generated and held by businesses in both digital and physical form. How this information is managed and protected is important. Non-compliance with data protection law can create significant issues for businesses and organisations, from regulatory action to civil claims and reputational harm.

Our data protection expertise spans our Employment, Corporate and Commercial, and Dispute Resolution teams. We assist data controllers and processors with protecting individuals’ personal data through to managing the consequences of a data breach or cyber incident.

We also assist businesses with responding to subject access requests, dealing with complaints from individuals about how their data has been handled, and navigating correspondence with the ICO.

From prevention to data breach management and recovery, we can help solve your data protection issues effectively to mitigate the financial, administrative and reputational consequences for your business.

  • Compliance, contracts and policies

    Mitigate the risks to your company with compliant policies (such as cookies and privacy policies and HR policies). We can write and advise on implementation within your business. We can draft contracts for the processing and sharing of data with third parties.

  • Data protection reviews

    We review your business’ policies and procedures to ensure their compliance with data protection requirements and will advise on necessary remedial action. This should put you in good shape for any ICO investigations in the event of a cyber incident or accidental breach. In the health and social care sector we have also supported providers to complete the Data Security and Protection Toolkit.

  • Subject access requests

    We can assist with responses to an individual’s request for data, including applicable exemptions and preparing a response to the data subject (whether they are a customer or an employee). Our team have the experience and ability to handle large scale requests, involving the review and redaction of thousands of documents to take the burden away from your team. Failing to meet a request of this nature properly could lead to ICO complaints or investigations, or claims by the data subject to enforce their rights.

  • Cyber attacks

    We provide crisis management and urgent support in the event of a cyber incident and have assisted businesses with their response, including reputation management.

  • Data breach claims

    We regularly defend businesses in civil claims for compensation made by data subjects following an alleged data breach.

  • Complaints to the ICO

    We assist organisations with complaints made about them to the ICO to mitigate risk, time and cost to your business.

  • Other regulatory issues

    We can advise upon any related obligations to notify other regulators (such as the Financial Conduct Authority and Care Quality Commission).

  • Training

    Our team have provided data protection compliance training to businesses and their employees.

contact us
Contact our GDPR team

Contact a member of the team via their profile page, or simply fill out this form and they will get back to you.

The GDPR team

Our data protection team work collaboratively with businesses and organisations of all sizes across various sectors to provide comprehensive and balanced legal advice.

Data Breaches - When, Not If

We come into contact with clients’ cyber and data protection issues every day and understand the profound effect they have on businesses, reputations and livelihoods.

For an SME, it is all too easy to dismiss cyber incidents and data breaches. Too often, these are seen as issues that only affect much larger entities or organisations that hold certain types of special category data. “It’s not going to affect us” is a very dangerous mindset. In this day and age, a data breach is a question of when, not if.

Read our report to find out how businesses can reduce the risk.

Read our report now

View more articles related to GDPR