Data Protection

Having high-quality data about your customers, your target audience, your suppliers and your staff will drive business growth, if it is used effectively. Managing and controlling that data, and how it is used, presents a genuine challenge for any business.

That challenge increased in May 2018 with the introduction of the General Data Protection Regulation (GDPR), and has now become even more complex post-Brexit: for example, there is UK GDPR, but some will also need to consider EU GDPR and its impact on their operations.

Much of the focus around data protection has been on the fines that can be imposed if you do not comply. But there is also the reputational risk that goes with a data breach, as well as the risk that in extreme situations the Information Commissioner could impose a penalty that interrupts your day-to-day business operations.

Remember, the data protection legislation will apply to you if you:

  • keep or use personal data about your stakeholders, whether that is your customers, staff, suppliers or other individuals
  • have a website that collects personal data (e.g. via cookies, an enquiry form or subscribing to newsletters)
  • transfer personal data from the UK (or EU, if based there) to countries other than the UK or EU – whether that is other companies within your Group, or other customers or suppliers overseas
  • process personal data on behalf of another company (meaning that you are a data processor).

Fact finding, careful thinking, planning and operational implementation will all be needed. You can’t collect everything, keep it forever and worry about it later.

Key action points for you to consider include:
  • Securing internal support from Board level down – you should have organisational commitment to compliance with the data protection legislation
  • Understanding what information you hold about individuals within and outside of your organisation
  • Designing your processes for compliance including drafting of notices and policies, conducting impact assessments, appointing a data protection officer etc.
  • Addressing cybersecurity risks and threats and
  • Training your staff.

How the Data Protection team at DMH Stallard can help

How much work you need to do to get your organisation GDPR compliant depends on a variety of factors such as how data rich a business you are, and how compliant you already are with the UK GDPR and the Data Protection Act 2018.

We will work with you to get you up to the required standard – agreeing a plan for key tasks to be delivered in accordance with set timescales.

To get you on the right track towards compliance we offer:
  • A business-wide data audit document which will help you to understand the flows of data into and out of your organisation, allowing you to then focus on areas of highest risk
  • A privacy statement which can be used to tell your staff, customers, suppliers etc. how you will use the data you hold about them
  • A training session for your managers or staff delivered by one of our team introducing them to GDPR and considering how it might affect your business
  • Consultancy services so that your Data Protection Officer or others within your organisation can get guidance from our team on areas specifically relevant to you (up to five hours of support included)
  • A notification of breach form, allowing you to respond quickly to the Information Commissioner if there is a data breach.
This fixed price package will give you the comfort that you are going to be well on your way towards data protection compliance.


There may be other support and advice you need depending on your business, including:
  • Reviewing internal and external policies and procedures, including privacy policies, data breach response plans, data retention policies, data protection strategies, and binding corporate rules and helping you update these in line with the data protection legislation
  • Reviewing and updating data protection clauses in your contracts with third parties (including contracts which you have in place with your suppliers and customers, as well as your employment contracts)
  • Supporting your Data Protection Officer (DPO) or other DPO service (if you fall within the requirements under the data protection legislation to appoint one).


We will help you meet the required data protection standards.

Key Contacts

Greg Burgess

Partner
Employment law expert in restructures, senior employee exits and settlement agreements
Gatwick


John Yates

Partner
Specialist in business contracts and technology, media and intellectual property law
Gatwick


Will Walsh

Partner
Employment partner specialising in company restructures and senior terminations.
Gatwick


Jonathan Compton

Partner
Specialist in domestic and international dispute related matters for private individuals and corporate organisations
Guildford


Adam Williams

Partner
Business immigration/employment law expert advising organisations and senior executives
Guildford


Simon Bellm

Partner
Expert in public, private sector complex employee relations and structural change issues
Gatwick


Debbie Venn

Partner
Experienced commercial contracts specialist with particular expertise in technology, travel, manufacturing and wine sectors
Brighton


Further reading

Increased regulation of the internet – the reflections of a legal hack

Blog, News & PR
22/12/2020
Jonathan Compton offers a personal view on the regulation of the internet

Regulation of personal data in the Covid era

Blog
11/05/2020
Jonathan Compton considers the implications for the regulation of data in the Covid era.

Google’s data migration to the USA and data protection post Brexit

Blog, News & PR
26/02/2020
Google’s data migration keeps data protection in spotlight

Managing data risk: how to retain control

Blog, News & PR
13/12/2019
Non-compliance with data protection legislation is expensive - in more ways than one; Rebecca Leeves considers how you can reduce the risks to your business.