Data Protection & Privacy
Legal advice from experienced data protection lawyers, helping organisations manage data regulation and security risk with confidence.
Information governance is a core organisational responsibility. Weak controls expose organisations to regulatory scrutiny, enforcement action and reputational damage. Data regulation, including the GDPR, sits within the wider UK and European framework that governs how organisations collect, use, store and share personal data.
Our data protection legal advice helps organisations make and record decisions that stand up to scrutiny. We advise public authorities, regulated bodies and commercial organisations on their legal obligations and on building effective company data protection frameworks. We also advise on data breaches, including whether incidents meet ICO notification thresholds and how reporting duties should be handled.
As data protection lawyers, we turn legal requirements into practical governance and clear oversight. We advise data controllers and processors, structure reporting lines and clarify Data Protection Officer responsibilities. We prepare policies, manage subject access requests and address risks around direct marketing and consent. Our audits and due diligence help identify exposure before regulators do.
We guide organisations through breach response, containment decisions and regulatory reporting. Our team also advises on wider data security legal issues and cyber risks linked to personal data incidents. For public authorities, we advise on duties under the Freedom of Information Act (FOIA) and how disclosure decisions interact with data protection law.
Our legal data services support stronger governance, clear accountability and demonstrable compliance with data protection law across the UK and European framework.
Expertise
- Drafting data protection compliant documentation
- Data protection & GDPR advisory
- ICO investigations
- Data breach response
- Governance frameworks
- Subject access requests
- Freedom of Information obligations
- Cyber security risk
- Data protection officer advisory
- Marketing compliance
General Data Protection Regulation
We’ll help you get all your data management and privacy right, making sure you’re complying with the new laws.
On 25 May 2018, the General Data Protection Regulation (GDPR) came into force, replacing the Data Protection Act 1998. GDPR changed the way you can capture, use, and share personal data – whether that’s within your business, or externally.
We’ve set out some commonly asked questions about GDPR, as well as some advice on how we can help you, below.
GDPR FAQs
However big or small you are, you’ll be affected by GDPR. All businesses, service providers, and public bodies need to make sure they’re compliant with the new legal framework. If you’re not, you leave yourself open to enforcement action – which could damage your public reputation, as well as your bank balance.
We take a hands-on approach to all data management issues, offering practical guidance to help make sure you’re following the new laws.
We can help you to consider:
- how the changes will require more than a simple update to data protection policies
- why employers will find it much harder to rely on consent
- how the new legal rights for individuals could impact on core projects and procedures
- Data Protection Officers – do you need one and what is their role?
- the difficulties surrounding collection and use of data for marketing purposes
- the impact it will have on Corporate Governance for your organisation
- new enforcement actions which damage public reputation and the bank balance.
We can also provide bespoke training – either in-house, or at our offices. Our lawyers and consultants are experienced and confident trainers – we can tailor the content of our sessions to make sure we cover exactly what you’d like to know.