GDPR
GDPR

GDPR and Data Protection

Managing data can be complex and challenging. Incorrect management can cause huge harm to your brand's reputation and to people's privacy.

The consequences for non-compliance can be significant.

Data is key to modern day life, with more and more information being generated and held by businesses in both digital and physical form. How this information is managed and protected is important. Non-compliance with data protection law can create significant issues for businesses and organisations, from regulatory action to civil claims and reputational harm.

Our data protection expertise spans our Employment, Corporate and Commercial, and Dispute Resolution teams. We assist data controllers and processors with protecting individuals’ personal data through to managing the consequences of a data breach or cyber incident.

We also assist businesses with responding to subject access requests, dealing with complaints from individuals about how their data has been handled, and navigating correspondence with the ICO.

From prevention to data breach management and recovery, we can help solve your data protection issues effectively to mitigate the financial, administrative and reputational consequences for your business.

  • Compliance, contracts and policies

    Mitigate the risks to your company with compliant policies (such as cookies and privacy policies and HR policies). We can write and advise on implementation within your business. We can draft contracts for the processing and sharing of data with third parties.

  • Data protection reviews

    We review your business’ policies and procedures to ensure their compliance with data protection requirements and will advise on necessary remedial action. This should put you in good shape for any ICO investigations in the event of a cyber incident or accidental breach. In the health and social care sector we have also supported providers to complete the Data Security and Protection Toolkit.

  • Subject access requests

    We can assist with responses to an individual’s request for data, including applicable exemptions and preparing a response to the data subject (whether they are a customer or an employee). Our team have the experience and ability to handle large scale requests, involving the review and redaction of thousands of documents to take the burden away from your team. Failing to meet a request of this nature properly could lead to ICO complaints or investigations, or claims by the data subject to enforce their rights.

  • Cyber attacks

    We provide crisis management and urgent support in the event of a cyber incident and have assisted businesses with their response, including reputation management.

  • Data breach claims

    We regularly defend businesses in civil claims for compensation made by data subjects following an alleged data breach.

  • Complaints to the ICO

    We assist organisations with complaints made about them to the ICO to mitigate risk, time and cost to your business.

  • Other regulatory issues

    We can advise upon any related obligations to notify other regulators (such as the Financial Conduct Authority and Care Quality Commission).

  • Training

    Our team have provided data protection compliance training to businesses and their employees.

contact us
Contact our GDPR team

Contact a member of the team via their profile page, or simply fill out this form and they will get back to you.

The GDPR team

Our data protection team work collaboratively with businesses and organisations of all sizes across various sectors to provide comprehensive and balanced legal advice.

Additional legal services

Business Dispute Resolution
In the ever-changing legal landscape, with sharpening competition and advancing technology, our clients are facing new and unique challenges.
HR and employment law
The effective recruitment and management of care staff are key to achieving and maintaining a safe, caring, responsive and effective care business.
Corporate
We are a dynamic, forward thinking team of corporate lawyers with the technical knowledge and experience necessary to get deals done.
commercial lawyers
Commercial
Almost always, businesses need to consider legal issues when making commercial decisions. We are commercial lawyers who understand your business and deliver results.
Opinion  |  17:04:23
TikTok’s fine: what it means for businesses, and how you can avoid the same mistakes
TikTok has rapidly become very popular as a social media platform. Despite its success, it has received one of the largest fines ever issued by the Information Commissioner’s Office (ICO) for misusing children’s data....
Opinion  |  19:12:22
EU-US Data Privacy Framework – what you need to know now the draft adequacy decision has been published
Irene Trubbiani Montagnac explains what you need to know following the draft adequacy decision that comes as part of the EU-US Data Privacy Framework, which replaces the Privacy Shield.
Opinion  |  28:09:22
Important deadlines for companies transferring personal data out of the EU and UK
The New Standard Contractual Clauses On 4 June 2021 the European Commission adopted the New Standard Contractual Clauses (New SCCs), a primary mechanism for lawfully transferring personal data outside the EU. The deadline for...
IDTA
Opinion  |  03:08:22
Time is running out – deadline for the old EU standard contractual clauses draws near
On 21 March 2022 the International Data Transfer Agreement (“IDTA”) and the international data transfer addendum to the European Commission’s standard contractual clauses for international data transfers (the “Addendum”) came into force.
Opinion  |  24:06:22
Government proposes to shake up data protection regime
On 17 June 2022 the Department for Digital, Culture, Media & Sport (“DCMS”) issued a press release announcing the new data laws that would take effect as a result of the planned Data Reform...
Employee data
Opinion  |  15:06:22
Data Subject Access Requests – navigating employee data rights
Under the Data Protection Act 2018 employees have the right to obtain their personal data that is being processed by their employer. Making this request is known as a data subject access request (“DSAR”).
Opinion  |  13:05:22
Data Reform Bill 2022 – what is its purpose?
The introduction of a Data Reform Bill was among the Government’s proposed legislative plans delivered during the Queen’s Speech on 10 May 2022. This introduction will update the powers of the Information Commissioner’s Office...
Person on phone
Uncategorised  |  23:03:22
What sanctions can the ICO impose for unsolicited marketing communications?
The Information Commissioners Office (ICO) continues to issue fines in relation to unsolicited marketing communications. In recent months, fines have ranged from £2,000 to £200,000 depending on the severity of the breach of UK data protection laws.
Opinion  |  09:12:21
Nuisance Messages in the spotlight
On 19 November 2021, the Department for Digital, Culture, Media & Sport’s (DCMS) consultation, ‘Data: a new direction’, closed.

View more articles related to GDPR