
GDPR Solicitors

All organisations in the UK, regardless of their size or activities, are subject to the UK GDPR when processing personal data. We provide a first-rate bespoke and tailored GDPR service to our clients, bringing detailed knowledge of a wide range of industries and sectors.

Our GDPR team focuses on keeping data protection matters simple and getting quickly to the heart of the issues at hand when providing data protection related advice.

The General Data Protection Regulation (GDPR) came into force in the UK on 25 May 2018. The GDPR was then implemented into national law by the Data Protection Act 2018 (DPA 2018). This legislation replaced the Data Protection Act 1998 and has been the biggest reform of data protection law in the UK in the past 20 years.

Since 1 January 2021, following the UK leaving the EU, the GDPR forms part of the EU law kept as UK domestic law. This “retained EU law version of the GDPR” is now referred to as the UK GDPR.

The UK GDPR provides an enhanced level of data protection which all organisations, irrespective of their size and activities, are required to comply with when they are involved in processing personal data. Failure to comply with the requirements of the UK GDPR may render an organisation liable to serious consequences, including substantial fines of up to £17.5 million, or 4% of annual global turnover, whichever is greater. The Information Commissioner’s Office (ICO) is the UK regulator and has the power to impose such fines in the event of non-compliance and reported data breaches. In addition, organisations may face reputational damage, loss of their client/customer base and claims by data subjects.

We aim to ensure our clients are not only UK and EU GDPR compliant, but also have a better understanding of their data processing activities and obligations.

Our GDPR services include data audits – tailored to each organisation’s size, activities and requirements – and a data mapping service – to map an organisation’s data processing activities in a simple, easy to follow and practical way.

Our GDPR specialists assist clients by drafting and advising upon a range of data protection compliant policies and procedures including:

  • Website privacy policies, cookie policies and app privacy policies;
  • Privacy notices for businesses and commercial organisations, charities, professional bodies and membership organisations;
  • Privacy notices and data protection documentation for an organisation’s employees, workers and contractors;
  • Data protection policies, such as a privacy standard policy, data retention policy, data subject access request policy, records of processing activities and legitimate interest assessments and records;
  • A review of processing of any sensitive data known as “special categories of data” and criminal conviction data; identifying conditions for processing such data and drafting of an appropriate policy document;
  • A review of data protection clauses in commercial contracts, supplier contracts and sub-contractor contracts;
  • Data processing agreements and data sharing agreements;
  • Direct marketing consent notices;
  • Data breach policies and data breach reporting and monitoring obligations and procedures; and
  • Bring-your-own-device policies and IT/data security policies.

We regularly advise clients in dealing with data breach incidents, including:

  • notification obligations to the ICO and affected data subjects
  • recording obligations
  • remedying or mitigating the effects of the breach
  • enabling mitigation by affected data subjects
  • taking action against other parties responsible for the data breach
  • dealing with potential claims by affected data subjects
  • dealing with reputational issues

We advise clients upon international data transfers, including the drafting of standard contractual model clauses, international data transfer agreements, binding corporate rules and UK/US transfers.

We advise clients upon direct marketing activities in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR), to be further amended by the E-Privacy Regulations due to come into force.

We provide practical and pragmatic advice to assist clients with their GDPR compliance and value the long-term successful relationships we create with our clients.