Data Protection

All businesses collect and hold vast quantities of data about their customers and employees. That data is an important asset: many businesses rely on it to continue operating, and it can be a crucial aspect of valuing a business.

Data protection law aims to strike a balance between an individual’s right to privacy and the ability of organisations to use information about an individual for the purpose of their business.

In practice, this means that it is essential that all businesses have robust arrangements in place (both internal policies and procedures and contracts with their suppliers) to avoid data being lost, stolen, misused, damaged or destroyed prematurely. Any such incident could result in a large financial penalty, severe damage to the reputation of a business and a loss of confidence in it by its customers, employees and shareholders, as well as claims for compensation.

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and replaced the Data Protection Act 1998, which regulated the use of an individual’s personal data.

The significant increase in fines that can be imposed under the GDPR for non-compliance should be a huge incentive for businesses to ensure they are compliant. For some breaches (for example those involving international transfers of personal data or failing to meet the conditions for processing data, such as obtaining valid consent), a business could be looking at a fine of up to 4% of annual worldwide turnover or EUR200 million. Other breaches could lead to a fine of up to 2% of annual worldwide turnover or EUR10 million.

Whilst businesses that currently comply with the Data Protection Act 1998 will have a good head start, the GDPR brings some significant changes, which businesses need to prepare for.

We can help by:

Advising on what businesses need to do to comply with the GDPR and assisting with preparations
Drafting and reviewing commercial contracts in relation (whether solely or partly) to processing of data to ensure they comply with the GDPR
Advising on how to deal with data subject access requests
Drafting data protection policies
Drafting privacy notices
Advising businesses following a data breach
Advising on data protection projects
Assisting with Privacy Impact Assessments
Conducting data protection audits
Ensuring staff are properly and appropriately trained
Advising on employment issues arising from data protection

Meet the team

Sarah Wheadon


Simon Rhodes

Senior Partner

Sarah Huck


Louise Thompson

Senior Associate