Skip to main content

Cookies

We use cookies to help provide a better website experience for you, as well as to understand how people use our website and to provide relevant advertising.

By clicking "I agree", you'll be letting us use cookies to improve your website experience. To find out more or to change your cookie preferences, click "Manage Cookies".

We value your privacy

Like many other websites, our website uses cookies. Cookies are small files placed on your computer when you visit our site. They serve a number of purposes, including ensuring that certain parts of the website work properly, allowing us to understand which areas of our website are the most popular and allowing us to provide more relevant advertising messages. They don't allow us to identify you specifically and no personal data is gathered about you.

If you'd prefer that cookies weren't placed on your computer when you visit our site, you can use the controls below to allow or disallow different types of cookie. Some cookies are essential for the website to work, so they can't be disallowed.

  • These cookies give us anonymised information on how people use our website. We use these cookies to help us tailor our site to meet the needs of our visitors, for example by making sure our most popular pages are easy to find.

  • These cookies serve a number of purposes, such as allowing you to share our content with your friends and social networks. We also use these cookies to provide targeted advertising, so you may see relevant adverts based on the pages you look at on our website.

  • About
  • News & Insights
  • Careers
  • COVID-19
  • Brexit
Call us free on 0808 271 2602
Irwin Mitchell Logo
  • Personal
    • Personal
    • Personal Home
    • Personal Injury Claims
      • Personal Injury Claims
      • Personal Injury Claims Home
      • Abuse & Criminal Injury Claims
      • Accidents In Public Places Claims
      • Accident At Work Claims
      • Air, Rail & Sea Related Claims
      • Asbestos & Mesothelioma Claims
      • Changing Solicitors During a Personal Injury Claim
      • Group Claims
      • Holiday Accidents & Illness Claims
      • Illness Compensation Claims
      • Industrial Disease Claims
      • Injury Types
      • Military Injury Compensation Claims
      • No Win No Fee Personal Injury Claims
      • Personal Injury Claims In Scotland
      • Personal Injury Information
      • How To Claim Compensation For Personal Injury
      • Product Liability Claims
      • Rehabilitation & Medical Care
      • Road Traffic Accident Claims
      • Serious Injury Claims
      • Support Services
    • Medical Negligence Claims
      • Medical Negligence Claims
      • Medical Negligence Claims Home
      • Cancer Misdiagnosis Claims
      • Birth Injury Claims
      • Cauda Equina Syndrome Claims
      • Cosmetic Surgery Claims
      • Cerebral Palsy Claims
      • Defective Medical Device Claims
      • Dental Negligence Claims
      • Diabetes Claims
      • Fatal Medical Negligence Claims & Inquests
      • GP Negligence Claims
      • Hospital Negligence Claims
      • What Is Medical Negligence?
      • Meningitis Misdiagnosis Claims
      • Failure To Prevent Suicide Claims
      • Misdiagnosis Claims
      • No Win No Fee Medical Negligence Claims
      • Ophthalmic Negligence Claims
      • Pregnancy & Gynaecology Injury Claims
      • Sepsis Negligence Claims
      • Shrewsbury & Telford Hospital NHS Trust Maternity Care Claims
      • Stroke Misdiagnosis Claims
      • Surgery Compensation Claims
    • Family Law
      • Family Law
      • Family Law Home
      • Divorce Solicitors
      • Prenuptial & Postnuptial Agreement Solicitors
      • Child Abduction Solicitors
      • Civil Partnership Dissolution Solicitors
      • Unmarried Couples' Rights
      • Divorce Financial Settlement Solicitors
      • Child Arrangement Orders
      • Out Of Court Divorce Solicitors
      • Separation Agreement Solicitors
      • Adoption & Surrogacy Solicitors
      • Domestic Violence Solicitors
    • Wills, Trusts & Estates
      • Wills, Trusts & Estates
      • Wills, Trusts & Estates Home
      • Estate Planning Solicitors
      • Powers Of Attorney
      • Trusts
      • Will Writing Services
      • Will Disputes & Contentious Probate
    • Conveyancing & Property Solicitors
      • Conveyancing & Property Solicitors
      • Conveyancing & Property Solicitors Home
      • Conveyancing Fees Calculator
      • Buying A Property
      • Selling A Property
      • Remortgage
      • Transfer Of Equity
      • Buy To Let
      • Absentee Landlord & Freeholder Tracing Service
      • Conveyancing & Property In Scotland
      • Freehold Purchase (Leasehold Enfranchisement) Solicitors
      • Lease Extension Solicitors
      • Conveyancing Guide
    • Tax
      • Tax
      • Tax Home
      • Business Tax
      • Inheritance Tax
      • International Tax
      • Professional Negligence
      • HMRC Tax Investigations
      • Tax Disputes & Litigation
      • Tax Residence
      • Tax Returns & Compliance
      • Wealth Structuring
    • Probate
      • Probate
      • Probate Home
      • International Probate
      • Probate Sale Conveyancing
      • What Is Probate & How Does It Work?
    • Will, Trust & Estate Disputes
      • Will, Trust & Estate Disputes
      • Will, Trust & Estate Disputes Home
      • Trust Disputes
      • Inheritance Act Claims
      • Contesting A Will
      • Contentious Probate
      • Pre-Death Agreements
      • Professional Negligence
      • Challenging A Lifetime Gift
      • Financial Abuse
      • Statutory Will Disputes
      • Defending A Contested Will
    • Employment Law Solicitors
      • Employment Law Solicitors
      • Employment Law Solicitors Home
      • Employment Contract Solicitors
      • Employment Disputes
      • Dismissal & Redundancy Solicitors
      • Employment Discrimination Solicitors
      • Harassment & Bullying At Work Solicitors
      • Parental & Family Friendly Employment Rights
      • Professional Discipline Solicitors
      • Recruitment & Promotion
      • Senior Executives & Professionals
      • Settlement Agreements
      • Whistleblowing Solicitors
    • Elderly Legal Services
    • Protecting Your Rights
      • Protecting Your Rights
      • Protecting Your Rights Home
      • Actions Against The Police
      • Environmental & Planning Law
      • Data Protection Breach Claims
      • Education Law
      • Healthcare & Social Services
      • Human Rights
      • Judicial Review
      • Mental Capacity
      • Motoring Offences Legal Advice
      • Professional Regulation & Discipline
      • Dispute Resolution
      • Legal Aid
    • Immigration Solicitors
      • Immigration Solicitors
      • Immigration Solicitors Home
      • British Citizenship & Naturalisation Solicitors
      • EU & EEA Immigration Solicitors
      • Indefinite Leave To Remain Solicitors
      • Spouse Visa Solicitors
      • Innovator Visa
      • Tier 1 Entrepreneur Visa
      • Permanent Residence Solicitors
      • Tier 1 Investor Visa
      • Business Immigration Solicitors
      • Our Prices - Immigration
    • Crime & Investigations
      • Crime & Investigations
      • Crime & Investigations Home
      • Crime
      • Fraud & Financial Crime
      • Motoring Offences Legal Advice
      • Regulatory Investigations & Enforcement
    • Insolvency
      • Insolvency
      • Insolvency Home
      • Business Restructuring & Insolvency
      • Debt Consultancy
      • Insolvency Disputes & Litigation
    • Court Of Protection
      • Court Of Protection
      • Court Of Protection Home
      • Court Of Protection Deputyship
      • Healthcare and Social Services
      • Frequently Asked Questions
      • Personal Injury Trusts
      • Powers Of Attorney
      • Powers Of Attorney Disputes
      • Statutory Wills And Trusts
  • Wealth Management
    • Wealth Management
    • Wealth Management Home
    • Asset Management For Personal Injury
    • Charity & Philanthropy
    • Estate Planning
    • Financial Planning
    • Intergenerational Wealth Management
    • Investment Management
    • Retirement Financial Planning
    • Succession Planning
    • Tax Planning
  • Business
    • Business
    • Business Home
    • Sectors
      • Sectors
      • Sectors Home
      • Consumer & Retail
      • Education
      • Financial & Professional Services
      • Manufacturing
      • Media & Entertainment
      • Real Estate
      • Sport
      • Technology & Communications
    • Banking & Finance
      • Banking & Finance
      • Banking & Finance Home
      • Corporate Banking
      • Funds
      • Leveraged & Acquisition Finance
      • Real Estate Finance
      • Receivables Finance & Asset Based Lending
    • Business Crime
      • Business Crime
      • Business Crime Home
      • Anti-Bribery & Corruption
      • Insider Trading & Market Abuse
      • Corporate Internal Investigations
    • Business Immigration
      • Business Immigration
      • Business Immigration Home
      • Business Visitor Visa
      • Innovator Visa
      • Prevention Of Illegal Working
      • Sole Representative Of An Overseas Business
      • Tier 1 Entrepreneur Visa
      • Tier 1 Investor Visa
      • Tier 2 & 5 Sponsor Licence
      • Tier 2 Visa
      • Tier 4 Sponsor Licence
    • Commercial
      • Commercial
      • Commercial Home
      • Commercial Contracts
      • Charities
      • Competition Law
      • GDPR & Data Protection
      • Information Technology
      • Media & Entertainment
      • Sourcing
      • Licensing
    • Commercial Litigation & Dispute Resolution
      • Commercial Litigation & Dispute Resolution
      • Commercial Litigation & Dispute Resolution Home
      • Banking & Finance Litigation
      • Business Interruption Insurance Lawyers
      • Contract Disputes
      • Commercial Judicial Review
      • Defamation & Reputation Management
      • International & Cross-Border Disputes
      • Litigation Funding
      • Professional Negligence
    • Corporate
      • Corporate
      • Corporate Home
      • Corporate Advisory
      • Equity Capital Markets
      • Mergers & Acquisitions (M&A)
      • Private Equity
    • Costs Team
    • Employment Law
      • Employment Law
      • Employment Law Home
      • Business Immigration
      • Employment Contracts, Policies & Procedures
      • Disciplinary & Grievance
      • Employee & Industrial Relations
      • Employment Litigation & Dispute Resolution
      • Equality, Diversity & Discrimination
      • Flexible Working Arrangements
      • Health & Safety
      • HR Advice Service - IMhrplus
      • Managing Sickness Absence
      • Pensions
      • Recruitment
      • Restrictive Covenants
      • Restructuring & Redundancy
      • Self Employment, Contractors & Agency Workers
      • Employment Seminars, Training & Updates
      • Terminating Employment & Settlement Agreements
      • TUPE
    • In-House Counsel
    • Intellectual Property
      • Intellectual Property
      • Intellectual Property Home
      • Defamation & Reputation Management
      • Copyright Lawyers
      • Design Rights Lawyers
      • Image Rights Lawyers
      • Patent Lawyers
      • Trade Mark Lawyers
      • Trade Secrets Lawyers
    • Legal Helpline
    • Pensions
      • Pensions
      • Pensions Home
      • Employment
      • Managing Death Benefit Trusts
    • Regulatory & Compliance
      • Regulatory & Compliance
      • Regulatory & Compliance Home
      • Road Transport & Operator Compliance
      • GDPR & Data Protection
      • Environment & Safety Regulatory Compliance
      • Financial Services Regulation
    • Real Estate
      • Real Estate
      • Real Estate Home
      • Corporate Occupiers
      • Real Estate Development and Regeneration
      • Construction & Engineering
      • Real Estate Finance
      • Real Estate Investment
      • Real Estate Tax
      • Residential Development
      • Retirement Living & Care
      • Strategic Land
      • Structured Real Estate
      • Planning & Infrastructure
      • Property Litigation & Real Estate Disputes
    • Restructuring & Insolvency
      • Restructuring & Insolvency
      • Restructuring & Insolvency Home
      • Corporate Insolvency
      • Partnership Insolvency
      • Directors' Duties
      • Phoenix Companies
      • Restructuring
    • Tax
      • Tax
      • Tax Home
      • Corporate Tax
      • Real Estate Tax
      • Tax Investigations
  • People
    • People
    • People Home
    • Search By Name
    • Search By Location
    • Search By Expertise
    • Business Management
  • Offices
    • Offices
    • Offices Home
    • Birmingham
    • Bristol
    • Cambridge
    • Chichester
    • Gatwick
    • Glasgow
    • Leeds
    • London
    • Manchester
    • Middlesbrough
    • Newbury
    • Newcastle
    • Reading
    • Sheffield
    • Southampton
  • Contact
  • About
  • News & Insights
  • Careers
  • COVID-19
  • Brexit
Irwin Mitchell Logo

Call us on

0808 271 2602 Or request a call back
  • Home
  • Business
  • Regulatory & Compliance
  • GDPR & Data Protection

GDPR & Data Protection

Getting the correct advice about the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 is vital for your business. Our data protection solicitors are experts at advising businesses on GDPR compliance and how to deal with the ICO, the UK data protection regulator.

Knowing exactly what you need to do to be GDPR compliant can be daunting. Our specialist data protection lawyers will work closely with you to understand your business and provide advice tailored to your current commercial situation and future strategic goals.

Our team’s deep data protection knowledge has developed over years of work in this complex and intricate area of law. This means that we can support in-house counsel or data protection officers, either as a “sounding board” or as specialist advisors.

The GDPR is EU legislation and applies throughout the EEA but can also apply to non-EEA organisations too. We therefore advise UK, EU, and international businesses about data protection and GDPR compliance.

If you’re based outside the EU, we can advise whether you are affected by GDPR and, if so, explain the extent of your compliance obligations. We’ve worked with a number of overseas businesses - particularly in the US - on GDPR issues and can bring that knowledge and experience to your organisation.

Our lawyers can help you with all aspects of GDPR and data protection compliance. We can take you through the initial steps of compliance by carrying out a GDPR Audit to assess where you currently stand. We can then advise on a compliance strategy and the policies and procedures that you will need to put in place to evidence your compliance.

We also advise businesses on day to day issues such as managing subject access requests (SAR/DSAR) and Data Breaches, and how to enter into GDPR-compliant contracts.

We’re also on hand to help if you face complaints from individuals to the Information Commissioner’s Office (ICO) or if you’re the subject of an ICO investigation. In those situations it’s crucial that you have experienced advisors who understand how to handle the issues you’re facing. We have the specialist knowledge and experience you need .

Contact our team on 0808 271 2602 to learn more about how our lawyers can help your business manage its data protection responsibilities.

What Is The GDPR?

The GDPR and the Data Protection Act 2018 control how organisations collect, use and store people’s personal information.

The GDPR applies to businesses operating in the European Economic Area (EEA). It also applies businesses outside the EEA which offer goods or services to people based in the EEA, or monitor their behaviour. It can therefore apply to US businesses or businesses in other countries outside the EEA - we can guide you through whether it applies to you.

In the UK, the Information Commissioner’s Office (ICO) is the regulatory body that enforces GDPR compliance. They have the power to audit compliance, issue enforcement notices and issue large fines if you don’t comply. Fines can total up to up to €20m or 4% of the total worldwide annual turnover of the previous financial year, whichever is higher.

Although the GDPR is European Union legislation, it still applies to UK businesses post-Brexit.

Businesses need to follow the seven principles of the GDPR:

  1. Lawfulness, fairness and transparency – You must collect, use and store personal data legally and fairly and publish a privacy notice so people are clear about how you use their data. We can help you draft a privacy notice that satisfies this transparency requirement while protecting your business interests.
  2. Purpose limitations – You must only use data as described in your privacy notice, or for new purposes that are compatible with the original privacy notice. If you’d like to change how you use your data, we can advise on the best way forward.
  3. Data minimisation – You must only collect and store data that’s relevant and necessary for the purposes set out in your privacy notice.
  4. Accuracy - You must ensure that data is correct when you collect it and kept up-to-date during storage. You must update or delete any incorrect out-of-date data.
  5. Storage limitation – You should only keep data as long as necessary for the purposes listed in the privacy notice, and securely destroyed once it’s no longer needed. We can help you draft a retention policy that sets out how long your business should keep each stream of personal data it collects.
  6. Integrity and confidentiality – You must store data confidentially securely. We’ll help you assess an appropriate level of security for the different types of data you hold based on the potential harm if there was a breach.
  7. Accountability – You must document how you comply with the other six principles through policies and procedures.

What GDPR Issues Could I Face?

Understanding the complexities of the GDPR can be difficult and many businesses think it only covers personal information relating to their staff. Data protection also includes your customers’ and suppliers’ personal data and any data you are storing or managing for a third party.

We advise businesses on:

  • Data Audit – we can assess your current compliance with GDPR and advise where there are gaps and what you need to do to fix them
  • Data Asset Register – we can help you put together the register of how you use personal data as required by GDPR
  • Data Protection Policies and Procedures – Under GDPR you need to be able to demonstrate to the ICO that you are complying with it. This is usually done via having policies and procedures. We can advise on what policies are procedures you need, tailored to your business needs.
  • How to handle subject access requests (SAR / DSAR) – These can be expensive and time consuming to deal with, particularly if you don’t have the experience of knowing which requests you need to comply with, how much data to release, and when exemptions apply. We have the experience and expertise to help you through this complex area.
  • Individuals’ data rights – The GDPR gives individuals greater rights to control their personal data but there are still limitations. We can help you understand exactly how these rights affect your business. You’ll learn which requests are valid , and which aren’t, so you can keep all the data you’re entitled to keep.
  • Dealing with data breaches, including reports to the ICO – You must notify the ICO of certain data breaches. We’ll help you understand which data breaches you need to report and which you don’t, how to report breaches, and advise on a range of related issues. How to market in a compliant way – direct marketing can be a minefield. We’re experts at advising on both GDPR and the additional rules that apply to electronic marketing, the Privacy and Electronic Communications Regulations (PECR). Our lawyers are experts in this particularly complex area of law that sees severe fines for noncompliance, and potential fines for directors.
  • Handing complaints from individuals and regulators – Our specialist team is experienced in advising on dealing with complaints made to the ICO and ICO investigations. We’ll advise on the best strategy to sensitively handle complaints and minimize disruption for your business.
  • Moving data out of the EEA – This is increasingly relevant for businesses using outsourced IT, HR, and marketing services. We’ll help you ensure that these operations are compliant.
  • Sharing data with other businesses – We can draft GDPR-compliant contracts with clauses to control how contractors use personal data and protect your business in the case of a data breach

If your business doesn’t comply with GDPR, it could face fines of up to €20m or 4% of your worldwide annual turnover (whichever is higher). Individuals can also bring claims against you if you misuse their personal data which can lead to you paying damages.

Data breaches can also cause serious reputational damage to your business. Get data protection right, however, and you can build trust in your customer base that can become a real selling point.

Why Choose Irwin Mitchell?

Our data protection solicitors work with businesses of all sizes and across all sectors in the UK and abroad. We have over 20 years’ experience with data protection compliance and helping businesses with ICO investigations.

We’ll explain how data protection laws affect your business and help you stay up-to-date with regulatory changes to reduce the risk of claims or investigations. As we get to know your business, we’ll build a lasting collaborative relationship with your team.

Our offices are situated across the UK so we can help you wherever you’re based. If you’re doing business with overseas companies, we have strong connections with experts abroad so we can advise on cross-border situations.

You’ll also benefit from our wide-ranging expertise from our other legal teams. Our commercial solicitors can help draft contracts with data protection clauses and our commercial disputes and litigation team can advise on any breaches of contract or damages claims that may arise from data breaches.

Contact our GDPR & Data Protection lawyers - 0808 271 2602


Or visit the GDPR & Data Protection team page.

Contact us today

To talk about your situation

Prefer not to call?

Use our form

This data will only be used by Irwin Mitchell for processing your query and for no other purpose.

Joanne Bone Partner Meet Our Data Protection Team
Focus on

Top 10 Takeaways From The Schrems Decision

Learn the 10 most important things your organisation needs to know following this year's big data protection case in the European Court of Justice. 

Read our report now

Testimonials

We truly value the feedback we receive from both our clients and legal accreditation societies, such as The Legal 500 and Chambers & Partners.

chambers-2019

"They've worked with us like partners in the business - we're really pleased with their level of engagement."

Chambers & Partners, 2019

Quote

“You clearly are experts in this fast moving and new area of law – and in addition to a very heavy workload from us and others, you take the time to make sure you have the most up to date insights as they were being developed.”

General Counsel of a global manufacturing company

legal-500-2019

Irwin Michell... "has considerable experience in data protection and privacy issues including GDPR compliance"

Legal 500, 2019

Awards & Accreditations

We're always proud to be recognised for the work we do for our clients and have been named as a leading firm in the latest legal guides - which provide information and recommendations about lawyers and law firms in the UK.

Chambers & Partners 2020 logo

We Work Nationally

We have offices in major cities throughout the UK and our lawyers can arrange to visit you or your business in person if necessary. We also have international capability, with global links to other legal specialists.

See our latest coronavirus updates before visiting our offices

    • Birmingham
    • Bristol
    • Cambridge
    • Chichester
    • Gatwick
    • Glasgow
    • Leeds
    • London
    • Manchester
    • Middlesbrough
    • Newbury
    • Newcastle
    • Reading
    • Sheffield
    • Southampton

Business News

Our lawyers are regularly asked to provide expert insight, advice and analysis for the national media. Take a look at the stories below to see what we’re saying, as well as some of the recent deals we have completed for our clients here in the UK and abroad.

Daily Economic Impact Of Coronavirus Lockdown On UK Regions Revealed In New Report

05 / 05 / 20 Read More

Irwin Mitchell Advises Godwin Developments On Sheffield City Centre Development Purchase

29 / 04 / 20 Read More

Pensions And Furloughing

07 / 04 / 20 Read More

Morrisons Wins Data Breach Case In The Supreme Court

01 / 04 / 20 Read More

The Promotion Of Mental Health And Wellbeing In Retirement Living

16 / 03 / 20 Read More

Irwin Mitchell Named Law Firm Of The Year At LexisNexis Awards

12 / 03 / 20 Read More
  • Contact
  • 0370 1500 100
  • Contact Irwin Mitchell
  • Social Media
  • Twitter
  • Facebook
  • YouTube
  • LinkedIn
  • Instagram
  • About Irwin Mitchell
  • About Us
  • Social Responsibility
  • Careers
  • Business Management
  • SRA Regulated
  • Terms & Conditions
  • Accessibility
  • Privacy & Security
  • Hoaxes
  • Modern Slavery Act Statement
  • Manage Cookie Settings

© 2021  Irwin Mitchell LLP

Irwin Mitchell LLP is authorised & regulated by the Solicitors Regulation Authority. Our Regulatory Information

Request A Callback

Enter you details below and we'll call you back, at a time of your choice

Preferred date*
Today
Tomorrow

This data will only be used by Irwin Mitchell for processing your query and for no other purpose.