Data Protection

We have the knowledge and experience to help organisations in all sectors navigate their way through the complexity of data protection law. Our aim is to ensure we offer practical guidance and innovative solutions to our clients to ensure they comply with data protection law and meet their accountability obligations, enabling them to continue to use personal data the way they need to.

We recognise that the UK GDPR and the Data Protection Act 2018 impose extensive obligations on organisations. Non-compliance can be costly both in terms of the financial penalties imposed by the ICO and the potential reputational damage.

We can provide support and assistance to our clients in implementing changes to operational practices to ensure compliance with data protection law including:

  • Appointing a data protection officer
  • Providing privacy information
  • Dealing with data breaches
  • Training
  • Subject access requests
  • Data Protection Impact Assessments
  • Appointing data processors
  • Data sharing arrangements
  • Data transfers outside the UK

Whether you are engaging a data processor or entering into data sharing or joint controller arrangements, we can ensure that your contracts meet data protection law requirements. Having the appropriate and necessary contractual provisions is essential to demonstrate compliance with your data protection obligations.

We also have extensive experience in advising on personal data and information security breaches. We can advise on the notification requirements under data protection law and guide you through the process of preparing notifications to the ICO and individuals where necessary. We know how difficult and disruptive dealing with security breaches can be, and our aim is to help clients manage the situation so they are in the best possible position from a regulatory and reputational point of view.

The ICO has identified staff awareness as a key element in demonstrating accountability in relation to your data protection obligations. We offer a comprehensive range of training packages on all aspects of data protection compliance. These training sessions can be tailored to your specific requirements and the level of training your staff require. Alternatively, if you are looking for a way to provide general training for all staff across your organisation, we have developed an online training module which can be easily deployed to all staff. It provided you with a certified way to demonstrate that you’ve met your training obligations.


Related expertise include: Commercial Disputes, Employment Rights & Contracts, Information Law.

Like to talk about Data Protection?

What clients say

"Geldards provide a high quality of service. They understand our organisation, are responsive and give high-quality advice. They flag risks and the work is done promptly."

Chambers & Partners 2024

"Geldards is proactive, commercial and responsive, and are a delight to work with."

Legal 500 2024

To Top