

GDPR and Data Protection
Managing data can be complex and challenging. Incorrect management can cause huge harm to your brand's reputation and to people's privacy.
The consequences for non-compliance can be significant.
Data is key to modern day life, with more and more information being generated and held by businesses in both digital and physical form. How this information is managed and protected is important. Non-compliance with data protection law can create significant issues for businesses and organisations, from regulatory action to civil claims and reputational harm.
Our data protection expertise spans our Employment, Corporate and Commercial, and Dispute Resolution teams. We assist data controllers and processors with protecting individuals’ personal data through to managing the consequences of a data breach or cyber incident.
We also assist businesses with responding to subject access requests, dealing with complaints from individuals about how their data has been handled, and navigating correspondence with the ICO.
From prevention to data breach management and recovery, we can help solve your data protection issues effectively to mitigate the financial, administrative and reputational consequences for your business.
-
Compliance, contracts and policies
Mitigate the risks to your company with compliant policies (such as cookies and privacy policies and HR policies). We can write and advise on implementation within your business. We can draft contracts for the processing and sharing of data with third parties.
-
Data protection reviews
We review your business’ policies and procedures to ensure their compliance with data protection requirements and will advise on necessary remedial action. This should put you in good shape for any ICO investigations in the event of a cyber incident or accidental breach. In the health and social care sector we have also supported providers to complete the Data Security and Protection Toolkit.
-
Subject access requests
We can assist with responses to an individual’s request for data, including applicable exemptions and preparing a response to the data subject (whether they are a customer or an employee). Our team have the experience and ability to handle large scale requests, involving the review and redaction of thousands of documents to take the burden away from your team. Failing to meet a request of this nature properly could lead to ICO complaints or investigations, or claims by the data subject to enforce their rights.
-
Cyber attacks
We provide crisis management and urgent support in the event of a cyber incident and have assisted businesses with their response, including reputation management.
-
Data breach claims
We regularly defend businesses in civil claims for compensation made by data subjects following an alleged data breach.
-
Complaints to the ICO
We assist organisations with complaints made about them to the ICO to mitigate risk, time and cost to your business.
-
Other regulatory issues
We can advise upon any related obligations to notify other regulators (such as the Financial Conduct Authority and Care Quality Commission).
-
Training
Our team have provided data protection compliance training to businesses and their employees.