Data protection is often a key issue for many businesses, organisations and individuals. Our team has a wealth of experience in providing advice in relation to processing personal data, auditing data processing activities and reviewing policies and procedures. We can assist with all your data protection queries and issues relating to this complex and fast-changing area of law.

The current data protection regime in the UK is a combination of the retained EU version of the General Data Protection Regulation (EU) 2016/679 (UK GDPR) along with the Data Protection Act 2018 (DPA 2018).

We are able to assist clients with ensuring they are compliant with all regulatory and legislative requirements. This could involve us helping to carry out compliance assessments and gap analysis reviews. We will then work with you to develop a plan for carrying out any remedial work identified.

We can review, draft or update a wide range of your legal documents, including your data protection policy, privacy policy (both internal and external) and assess your record-keeping procedures. Our employment team can also assist with undertaking HR audits in relation to data protection and developing or updating staff policies (such as employee privacy notices), contracts, handbooks and training programmes for your staff.

If you are planning to enter into a data processing or data sharing agreement, we are able to prepare a suitable agreement for you. Where you already have an existing agreement in place, we can review and/or update this to ensure that it is fit for purpose. Similarly, we can advise on whether your contracts and terms and conditions contain the necessary data protection clauses that reflect the way you handle personal data.

Our team has particular expertise in providing advice on data transfers and data exports, particularly when transferring data outside the UK. We appreciate this is a highly technical area and we can explain the various transfer mechanisms that could be used for international data transfers such as the UK’s international data transfer agreement (IDTA) and international data transfer addendum. We also provide advice to those transferring data to the USA, following the Schrems II decision.

Dealing with data subject access requests (DSARs / SARs) can be very time-consuming. We are able to explain the rules, support you when responding to DSARs and provide you with practical advice so that you are confident when replying to data subjects. If you have a DSAR from a member of your staff, our employment team can also assist with your response. If you are a data protection officer (DPO), please do not hesitate to contact us to see how we can help.

Even if you have adequate data protection policies and procedures in place, there is always a risk that you may face a data breach, or an individual may make a complaint against you to the Information Commissioner’s Office (ICO). We understand that this can be a stressful time and we will endeavour to provide sound advice to help you navigate the commercial and legal risks. Additionally, if the ICO does become involved, we can assist with responding to queries and support you during an ICO investigation.

We pride ourselves on being able to demystify the various and often complex data protection concepts and rules such as identifying lawful bases for processing (such as how to rely on consent) pseudonymisation, anonymisation, data retention / deletion and restricted transfers. Our advice is commercially focussed, pragmatic and tailored to your business.

Speak to an expert

Or send us an email