Data Protection Law

Having high-quality data about your customers, your target audience, your suppliers and your staff will drive business growth, if it is used effectively. Managing and controlling that data, and how it is used, presents a genuine challenge for any business.

That challenge increased in May 2018 with the introduction of the General Data Protection Regulation (GDPR), and has now become even more complex post-Brexit: for example, there is UK GDPR, but some will also need to consider EU GDPR and its impact on their operations.

Much of the focus around data protection has been on the fines that can be imposed if you do not comply. But there is also the reputational risk that goes with a data breach, as well as the risk that in extreme situations the Information Commissioner could impose a penalty that interrupts your day-to-day business operations.

Remember, the data protection legislation will apply to you if you:

  • keep or use personal data about your stakeholders, whether that is your customers, staff, suppliers or other individuals
  • have a website that collects personal data (eg via cookies, an enquiry form or subscribing to newsletters)
  • transfer personal data from the UK (or EU, if based there) to countries other than the UK or EU – whether that is other companies within your Group, or other customers or suppliers overseas
  • process personal data on behalf of another company (meaning that you are a data processor).

Fact finding, careful thinking, planning and operational implementation will all be needed. You can’t collect everything, keep it forever and worry about it later.

Key action points for you to consider include:

  • Securing internal support from Board level down – you should have organisational commitment to compliance with the data protection legislation
  • Understanding what information you hold about individuals within and outside of your organisation
  • Designing your processes for compliance including drafting of notices and policies, conducting impact assessments, appointing a data protection officer etc.
  • Addressing cybersecurity risks and threats and
  • Training your staff.

How the Data Protection team at DMH Stallard can help

How much work you need to do to get your organisation GDPR compliant depends on a variety of factors such as how data rich a business you are, and how compliant you already are with the UK GDPR and the Data Protection Act 2018.

We will work with you to get you up to the required standard – agreeing a plan for key tasks to be delivered in accordance with set timescales.

To get you on the right track towards compliance we offer:
  • A business-wide data audit document which will help you to understand the flows of data into and out of your organisation, allowing you to then focus on areas of highest risk
  • A privacy statement which can be used to tell your staff, customers, suppliers etc. how you will use the data you hold about them
  • A training session for your managers or staff delivered by one of our team introducing them to GDPR and considering how it might affect your business
  • Consultancy services so that your Data Protection Officer or others within your organisation can get guidance from our team on areas specifically relevant to you (up to five hours of support included)
  • A notification of breach form, allowing you to respond quickly to the Information Commissioner if there is a data breach

This fixed price package will give you the comfort that you are going to be well on your way towards data protection compliance.

There may be other support and advice you need depending on your business, including:

  • Reviewing internal and external policies and procedures, including privacy policies, data breach response plans, data retention policies, data protection strategies, and binding corporate rules and helping you update these in line with the data protection legislation
  • Reviewing and updating data protection clauses in your contracts with third parties (including contracts which you have in place with your suppliers and customers, as well as your employment contracts)
  • Supporting your Data Protection Officer (DPO) or other DPO service (if you fall within the requirements under the data protection legislation to appoint one).

Key Contacts

Greg Burgess

Employment law expert in restructures, senior employee exits and settlement agreements


John Yates

Specialist in business contracts and technology, media and intellectual property law


Will Walsh

Employment partner specialising in company restructures and senior terminations.


Jonathan Compton

Specialist in domestic and international dispute related matters for private individuals and corporate organisations


Adam Williams

Business immigration/employment law expert advising organisations and senior executives


Simon Bellm

Expert in public, private sector complex employee relations and structural change issues


Debbie Venn

Experienced commercial contracts specialist with particular expertise in technology, travel, manufacturing and wine sectors
Brighton - Jubilee St

