Home / Expertise / Compliance and regulatory / Data protection and privacy
Data protection and privacy law
Our specialist data protection, GDPR and privacy solicitors are here to help you navigate the ever evolving landscape of data protection law.
Offering excellent data protection legal advice for businesses, we know how can challenging it can be for businesses of all sizes to remain up to date, compliant and confident when it comes to data protection and privacy law and its regulations.
Whether you're processing customer information, handling employee data, or responding to a data breach, we can support you every step of the way.
Need advice?
CLICK HERE TO GET IN TOUCH WITH USSupporting you with practical data protection advice
We provide clear, practical advice to help you stay compliant with the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, and other relevant legislation. From reviewing internal policies to advising on subject access requests and data sharing, we help you manage risk and avoid costly reputational or regulatory consequences.
Whether you need day-to-day compliance support or guidance on responding to a breach or ICO investigation, our team will ensure your data handling practices are lawful, transparent and robust.
Our expertise
GDPR
The GDPR applies to any organisation that has control over personal data as well as those that process personal data on behalf of another organisation.
It is critical to any business that they are aware of, and have a plan to deal with personal data. The costs of not complying with the GDPR are high.
It’s important your organisation looks ahead to GDPR and lays the foundations to ensure compliance.
We can help you with all aspects of GDPR, from offering initial GDPR audits, reviewing contracts, and the steps to take to comply with privacy through to GDPR training and incident response support. Find out more here.
Audits and compliance
We advise on:
- GDPR - the General Data Protection Regulation
- compliance with the Data Protection Act 2018 including DPA audits
- information and records management
- policies for the collection and processing of personal data
- information access requests: subject access requests, freedom of information
- data security including handling breaches of the Data Protection Act 2018
- liaising with the Information Commissioner in relation to complaints made by individuals
- the information governance and data protection implications of outsourcing and commercial contracts
- data protection impact assessments
- data processing agreements
- marketing privacy including direct marketing, telemarketing and sharing data with third parties
- online privacy including cloud computing, cookie compliance, social media and mobile devices
- employment and data protection
Data protection
What is data protection?
If you handle personal information about individuals, you have a number of legal obligations to protect that information under the Data Protection Act 2018.
What is meant by 'personal data'?
According to the ICO, personal data means data which relates natural persons who can be:
- identified or are identifiable directly from that information, or;
- indirectly identified from that information in combination with other information.
- personal data includes names, addresses and telephone numbers.
Subject Access Requests
What is a Subject Access Request?
The Data Protection Act 2018 gives individuals certain rights and one of which is the right to request a copy of their personal data which the data controller holds. This is called a Subject Access Request (SAR).
There are various reasons why individuals submit SARs, for example, a disgruntled member of staff wanting to be a nuisance, an employee considering issuing Employment Tribunal proceedings, or someone with the belief that derogatory comments have been made about them. It could even be because a customer has not received a good service or experience, or they believe you had shared or received information about them which is causing them some distress or damage.
The concept is simple enough, however the effect on the organisation can be profound.
Depending on how long ago the data controller obtained their data, how they have processed it, and how long it has been retained for, there could be thousands of documents for you to trawl through. This significantly impacts on your normal day-to-day job and therefore causes an expense to the organisation. Data Controllers forget to account for the resources needed to collate, assess, redact, copy and release the data.
SARs - our experience
We have undertaken a number of SARs on behalf of our clients; some have been very small and others have contained many thousands of documents. We have supported the housing, health, education, equine and legal sector carry out the disclosure obligations.
How we can help with an SAR
- advise you on how to comply with a SAR;
- assist with the document review exercise; and
- draft relevant response letters on your behalf.
FAQs
- What is the UK GDPR and does it apply to my business?
- What is a subject access request (SAR)?
- What should I do if my business suffers a data breach?
- Do I need a Data Protection Officer (DPO)?
- What are the penalties for breaching data protection law?
- How can I make sure my data protection policies are compliant?
Ann Critchell-Ward
Ann is an Intellectual Property and Commercial Law specialist with over 20 years’ experience.
"... very helpful and informative workshop on GDPR. Your workshop brought it all to life and gave a much deeper insight into the obligations and cultural changes needed to take place in our business"
Related services
Recent articles
Explore key lessons from JLR’s cyber incident, UK GDPR duties and practical steps boards can take to strengthen resilien...
Read article
Data Subject Access Requests (DSARs) are a fundamental right under data protection laws, allowing individuals to access ...
Read article
The Data Protection and Digital Information Bill (No. 2) (Bill) was introduced to Parliament on 8 March 2023. The Bill ...
Read article