Individuals’ data (known as personal data) is central to the success of many organisations. Used correctly, it can be a crucial asset. However, tough data protection laws such as the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 mean that a data breach, or other breach of the law, can result in significant financial penalties as well as reputational damage.
We can help you to ensure your organisation’s use of personal data is legally sound by:
- Undertaking a high-level review of your organisation’s use of personal data to identify areas of concern and non-compliance. As part of this process we can explain the various obligations your organisation may have under data protection law and help you to assess the areas of risk and prioritise any actions to help minimise those risks.
- Assisting you with, and drafting where appropriate, policies and procedures such as privacy notices, data protection policies, retention policies, records of data processing activities, cookies policies, privacy impact assessments and legitimate interest assessments.
- Providing advice following a data breach, including establishing whether a breach requires reporting to the Information Commissioner’s Office (ICO) or to affected data subjects.
- Assisting you with responding to data subject access requests. We can help you to identify what personal data forms part of the data subject’s request and whether any exemptions apply which mean certain data does not need to be disclosed to the data subject.
- Assisting you with other data subject requests, such as requests to erase or restrict data and freedom of information (FOI) requests.
- Drafting and negotiating data processing agreements, data sharing agreements and data protection provisions for other commercial agreements. We have particular expertise in advising on the data protection aspects of information technology contracts.
- Advising on how to lawfully transfer personal data outside of the UK (with particular experience of doing so in the context of information technology contracts), including drafting and negotiating the European Union Standard Contractual Clauses, the UK Addendum and the UK International Data Transfer Agreement.
- Advising on the use of cookies and electronic marketing obligations, including the application of the complex Privacy and Electronic Communications (EC Directive) Regulations 2003.
- Advising on the sale and purchase of databases.
- Advising on monitoring employees and the use of personal data in the employment context.
- Advising on other data protection issues, such as whether you are a data controller or data processor in a commercial arrangement, the lawful bases for processing personal data (including consent), whether you can lawfully hand over personal data when requested by a third party such as the police, and the use of CCTV.
- Providing bespoke training packages.
What to do when things turn contentious
If things turn contentious, we can also support your organisation by:
- Advising and representing you if you receive correspondence from, or are investigated by, the Information Commissioner’s Office (ICO).
- Advising on data protection compensation claims and complaints.
- Advising in relation to data subject access requests made as part of an employment dispute.
Why choose Trethowans?
Our specialist data protection solicitors have a wealth of knowledge in this area and provide clear, practical advice. The regulatory solicitors who form part of our team are highly experienced in liaising with regulators and dealing with regulatory disputes.
Our cross-team approach means that we can offer you a complete data protection service.
We have been named in The Times Best Law Firms 2023 Guide and 2022 Guide as one of the top 200 legal practices in England and Wales.
For more information about how we can help your organisation, please contact our expert data protection team by calling 0800 2800 421 or using our contact form above.