We live in a world where data opens up countless opportunities for businesses to grow. As such a lucrative tool, it needs to be protected, whether it’s your own business information or that of your clients. Increasingly, data protection compliance is becoming more stringent with the likes of GDPR putting emphasis on protecting people’s rights. As a business, it means you have a responsibility to protect data effectively.

Key Contacts

Megan Jefferies

Partner 0117 930 9552

Kate Westbrook

Partner 01793 412 501

Abigail Sinden

Associate 01793 412 117


As you assess your business, you may need support in managing dataflows and ensuring they are robust enough to avoid breaches. You will need to consider everything from how you store data, to how you educate your team and any third parties on compliance procedures. And if you ever suspect data may have been comprised, you will need expert legal advice on what to do next.

We can support you right from the start of that process. By taking a proactive approach, we will identify all the data you manage, from cookies to databases, to create a bespoke privacy strategy that fits in with how you run your business and your objectives. You may find there are ways to use data management to your commercial advantage, and we will help you work towards these goals.

It’s important you understand how your internal processes could affect your compliance with data regulations. Our legal experts will give you and your team clarity on managing data effectively, which can be anything from empowering your staff through training to guiding you through our recommendations for your systems. Getting this legal support is all about helping your business, which is why we aim to give recommendations that work with the way you operate to minimise disruption.

Guide to GDPR and data protection

Our Commercial Team has been involved in a number of high-profile matters. Highlights include:

  • Instructing the European subsidiary of a Japanese multinational on the repatriation of customer data to Japan for the purposes of electronic invoicing
  • Advising a UK courier business on the proper processing of residential delivery addresses in the Channel Islands (outside the EEA)
  • Providing training to a government executive agency on its responsibilities under the Freedom of Information Act
  • Informing an international service provider on compliance with data subject access requests
  • Advising a financial institution on the data protection consequences of engaging an outsourced service provider to digitally scan paper files
  • Instructing a fuel oil wholesaler on whether and how it can reveal customer personal data to residential landlords

Our expertise in this area encompasses:

  • Compliance with European and UK data protection legislation
  • Data protection audits, e.g. of marketing and HR databases, as well as storage, compliance within project plans and ongoing compliance reviews
  • Development of data protection questionnaires
  • Rights and obligations under freedom of information legislation
  • Transfer of data outside the European Economic Area (EEA)
  • Advising on and handling Data Subject Access Requests (DSAR)
  • Advising on data breaches and interactions with the Information Commissioner’s Office (ICO).