GDPR (General Data Protection Regulations) is a new data protection reform established by the European Union. Our expert GDPR solicitors are here to provide you with all aspects of GDPR legal advice.

What can our GDPR Solicitors help with?

  • Legal advice on what the GDPR means for your organisation
  • Legal advice about GAP analysis, and your information audit
  • Review GDPR compliance strategy , and data protection policies
  • Legal advice about how long you should be retaining data
  • Contracts between data controllers and processors – the new law provide that there must be a written contract between all controllers and third parties who process a controller’s data e.g. clients and accountants/pay roll providers/marketing agencies/IT providers/HR consultants
  • Employment contracts – these will need updating and all employees/workers/contractors to be given a privacy notice setting out how data is processed
  • HR advice linked to GDPR
  • Preparation and review of Privacy notices – all data subjects whether customers, prospects or staff must be told what you will do with their data at the point of collection. We recommend most organisations will need an updated/legally compliant GDPR privacy notice in a prominent place on their website
  • Updating terms and conditions
  • Legal advice regarding notification and suspected breaches
  • Legal advice surrounding Data Subject Access Requests – all individuals have the right to request all the data you hold on that individual. There are strict time limits to process these requests.
  • Legal advice about the justification for processing data e.g. consent, or legal obligation
  • Suggested wording to obtain compliant consent under GDPR

What should you be doing now to ensure GDPR compliance?

  1. Carry out an audit of the information you hold. Consider why and how long you hold this data. Implement a compliant data protection policy;
  2. Update privacy notice on website and for all staff;
  3. Review marketing processes and cleanse data where consent is needed;
  4. Update all contracts with third parties, and terms and conditions to ensure GDPR compliance;
  5. GDPR training/awareness for staff;
  6. Ongoing audits.

General Data Protection Regulation (GDPR) – the new data protection regime

Data protection obligations were set out in the Data protection Act (DPA 1998). At the time the data protection act introduced an extensive data protection regime by imposing broad obligations on those who collect personal data and by conferring broad rights on individuals about whom data is collected.

To adapt to modern technology, in April 2016, the European Parliament approved a general data protection reform package, and adopted the General Data Protection Regulation (GDPR) LINK.


In the UK, the GDPR is overseen by The Information Commissioners Office LINK (ICO) which is the independent public body responsible for upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Data Principles

The new data protection regime sets out a number of principles which data controllers must comply when processing personal data:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality.
  • Accountability

Conditions for Processing

Processing personal data will be lawful only if, and to the extent that, at least one of the conditions in Article 6 of the GDPR is met. Those conditions (which are similar those under the DPA 1998) are that:The data subject has given consent to the processing of their personal data for one or more specific purposes. Consent has attracted a lot of publicity but the ICO warns that you should not rely on consent and look to other grounds first.

  • The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of a data subject prior to entering into a contract
  • The processing is necessary to comply with a legal obligation to which the controller is subject e.g. to HMRC
  • The processing is necessary to protect the vital interests of the data subject or another person
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1)(e)).
  • The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests and fundamental rights and freedoms of the data subject which require protection of personal data, especially were the data subject is a child (Article 6(1)(f))

To protect your business from data protection penalties and fines, contact our GDPR solicitors today for expert GDPR legal advice

Our Experts

Kate Brooks

Partner, Solicitor & Head of Employment/HR Services

View All Experts

Here to help

Our specialist teams can provide full service legal advice and assistance, providing practical and cost-effective solutions.

Our offices

302 Charminster Road Bournemouth Dorset BH8 9RU
01202 525333 Contact
Office 320 107 – 111 Fleet Street London EC4A 2AB
02039 784720 Contact
14a Haven RoadCanford Cliffs, Poole Dorset BH13 7LP
01202 709898 Contact
Monmouth Court Southampton Road, Ringwood Hampshire BH24 1HE
01425 484848 Contact
55 High Street Swanage Dorset BH19 2LT
01929 422233 Contact
39a East Street Wimborne Dorset BH21 1DX
01202 057676 Contact