GDPR, Data protection and information governance

Expert data protection lawyers


Our expert data protection lawyers advise businesses, public sector bodies and charities on all areas of data protection, privacy law, information governance and freedom of information.

We provide prompt, accurate and focused data protection advice from our six offices to both domestic and international clients.

Why work with us? Not only do we offer relevant, realistic, legal solutions but we are the only UK law firm accredited by the British Computer Society to deliver training leading to the award of the prestigious BCS Practitioner Certificate in Data Protection.

Main Areas Of Practice


Our expert data protection solicitors are highly experienced in dealing with all areas of data protection, information governance and privacy law, including advising on:

GDPR compliance

Our expert team of data protection lawyers assist with all aspects of GDPR compliance including reviewing and drafting documentation, advising on cross-border data flows, carrying out data audits and assisting organisations to undertake and manage GDPR compliance exercises.

Data Protection Impact Assessments and Data Audits

We assist clients by drafting and reviewing DPIAs, identifying data protection risks in planned projects or current processing activities and advising on risk mitigation measures.

Data sharing and processing arrangements

We have extensive experience of advising major public sector clients on complex data sharing arrangements. We also advise financial institutions and suppliers on the data protection considerations of major IT outsourcing projects. This includes drafting and negotiating data processing agreements and contract variations to ensure GDPR compliance.

Privacy notices and compliance documents

Our data protection lawyers have vast experience of drafting and reviewing privacy notices for our clients, including notices aimed at children. Our data protection lawyers also advise on and draft compliance documents such as policies and procedures relating to information governance and security issues.

Personal data breaches and breach notification

Personal data breaches can have serious impacts on businesses. We have wide experience advising clients who have suffered personal data breaches, including advising on breach notification requirements under the GDPR and handling investigations by the Information Commissioner.

Individual requests (including subject access requests)

We advise clients on their obligations when responding to complex data subject requests, including the use of exemptions, as well as assisting clients to review and redact information before disclosure.

FOI and EIR requests

We advise our public sector clients on their disclosure obligations, the use of exemptions, and handling complaints in response to requests under the Freedom of Information Act and the Environmental Information Regulations. We also advise on investigations by the Information Commissioner. On the other side, we assist clients to make use of the access to information legislation and advise third parties on the potential impact of disclosure.

Employment data protection matters

We advise private and public sector employers on their obligations under the GDPR. This includes drafting or reviewing privacy notices and privacy policies, advising employers on responding to data subject requests, providing data protection training and amending contracts of employment for compliance purposes.

Direct marketing

Our data protection lawyers advise clients on how to structure their marketing campaigns in order to comply with data protection law, including obtaining valid consents.

Training

Our expert solicitors deliver high-quality training, including bespoke courses, in data protection and privacy law to a wide range of clients and contacts. We are the only law firm accredited by the British Computer Society to deliver courses leading towards the prestigious Practitioner Certificate in Data Protection qualification.

Our Clients


Our clients include businesses, charitable bodies, universities, schools and colleges, health and social care providers, and other public authorities. These range from data-rich businesses such as start-ups processing data in novel ways through to large corporations and public bodies involved with complex cloud computing arrangements and cross-border data flows.

Local Authority Matters

Download our Magazine
We mean business

GDPR

Navigating the new data protection regime

Download our guide

Highlights


Our data protection experts have advised a number of district councils up and down the country on how to deal with data protection and GDPR issues when procuring high value and long-term service contracts including advising on dealing with counter proposals from bidders. 


Our lawyers have also advised district councils on how to deal with retrofitting older existing agreements that were entered into before GDPR came into force to help them manage their risks and reduce the possibility of non-compliance.


We acted for a large public body in relation to a high profile FOI request for highly sensitive information which was ultimately determined by the ICO. We were instructed to advise in relation to the ICO investigation. The ICO upheld the client's decision to withhold the information requested. 


Our Experts


Simon
Stokes
Partner

London

View Profile
Jon
Belcher
Senior Associate

Cardiff

View Profile
Elisabeth
Bell
Legal Director

Reading

View Profile
Eve
Piffaretti
Partner

Cardiff

View Profile
Holly
Cudbill
Associate

Southampton

View Profile

BM Insights


Events

Unfortunately this event is now full. If you would like to be added to our reverse list then please email [email protected] Our next Public Sector Network seminar is at our Cardiff...

Read More

Articles

As the 31 October deadline approaches, the continuing deadlock between the UK government and the EU is bringing the prospect of a 'no-deal' Brexit ever closer. Our data protection expert...

Read More

Articles

The Greek Data Protection Authority ("DPA" the equivalent of the UK's Information Commissioner's Office/ICO) has just fined PWC €150,000 for GDPR breaches in connection with its processing of employee data....

Read More

Articles

It's nearly a year since the GDPR and Data Protection Act 2018 (DPA 2018) came into force. It's hard to believe that, one year on, we are still awaiting many...

Read More

Case Studies

This case reminds us that healthcare regulators in particular may often find themselves in control of "mixed data" documents, which contain sensitive personal data regarding both patients and the healthcare...

Read More

Articles

In 2016 the case of Bărbulescu v Romania was dubbed a "snooper's charter". The European Court of Human Rights (ECtHR) ruled that the dismissal of an employee for using electronic...

Read More

Need Advice?
Call 0238 085 7047
Or Fill in The Form

Our Experts are here to help

  • Privacy Notice

    Blake Morgan Privacy Policy

    We do not use any enquiries to the [email protected] email address or any completed forms for marketing purposes.

  • This field is for validation purposes and should be left unchanged.