Data Protection

We advise public bodies and companies about the security, use of, and access to data and information.

Managing your data and information properly is what keeps your organisation running effectively. With rapidly developing technology, the reach of social media, and daily hacks and leaks, it’s never been more important to get information and data management right.

We advise public and regulatory bodies on their information powers and duties, as well as helping businesses with policies and procedures to ensure compliance; and help both when things don’t go entirely to plan.

This includes data protection and GDPR, legal professional privilege, cyber security, and the Freedom of Information Act – which allows anyone to make a request to find out certain information from a public body. Whether you’re a public body processing a request or the requester, we’ll help you understand the legislation and navigate any challenges. We can:

  • Review requests or proposed responses
  • Review your approach to providing information
  • Advise on exemptions
  • Advise you if a public body is about to release information that affects you
  • Explain how the Act works with other information law


  • Cyber security
  • Data protection & GDPR
  • Freedom of Information Act
  • Legal professional privilege

General Data Protection Regulation

We’ll help you get all your data management and privacy right, making sure you’re complying with the new laws.

On 25 May 2018, the General Data Protection Regulation (GDPR) came into force, replacing the Data Protection Act 1998. GDPR changed the way you can capture, use, and share personal data – whether that’s within your business, or externally.

We’ve set out some commonly asked questions about GDPR, as well as some advice on how we can help you, below.



How does GDPR affect my business?

However big or small you are, you’ll be affected by GDPR. All businesses, service providers, and public bodies need to make sure they’re compliant with the new legal framework. If you’re not, you leave yourself open to enforcement action – which could damage your public reputation, as well as your bank balance.

How can Capital Law help me?

We take a hands-on approach to all data management issues, offering practical guidance to help make sure you’re following the new laws.

We can help you to consider:

  • how the changes will require more than a simple update to data protection policies
  • why employers will find it much harder to rely on consent
  • how the new legal rights for individuals could impact on core projects and procedures
  • Data Protection Officers – do you need one and what is their role?
  • the difficulties surrounding collection and use of data for marketing purposes
  • the impact it will have on Corporate Governance for your organisation
  • new enforcement actions which damage public reputation and the bank balance.
Is there training available to make sure I'm compliant?

We can also provide bespoke training – either in-house, or at our offices. Our lawyers and consultants are experienced and confident trainers – we can tailor the content of our sessions to make sure we cover exactly what you’d like to know.


  • Capital Law supported the Gambling Commission with our project to embed the new GDPR requirements into our business. They understood our particular position as a regulator, and provided practical, tailored advice. Their lawyers were responsive and worked well with our in-house team, helping us to address multiple queries in an organised and helpful manner. We plan to continue to seek their support on data protection matters in future.

    Oliver Sweeney | General Counsel
    The Gambling Commission