Data Protection

Having high-quality data about your customers, your target audience, your suppliers and your staff will drive business growth if it is used effectively. Managing and controlling that data, and how it is used, presents a genuine challenge for any business.

That challenge increased in May 2018 with the introduction of the General Data Protection Regulation (GDPR), and has now become even more complex post-Brexit: for example, there is UK GDPR, but some organisations will also need to consider EU GDPR and its impact on their operations.

Much of the focus around data protection has been on the fines that can be imposed if you do not comply. But there is also the reputational risk that goes with a data breach, as well as the risk that in extreme situations the Information Commissioner could impose a penalty that interrupts your day-to-day business operations.

Remember, the data protection legislation will apply to you if you:

  • keep or use personal data about your stakeholders, whether that is your customers, staff, suppliers or other individuals
  • have a website that collects personal data (eg via cookies, an enquiry form or subscribing to newsletters)
  • transfer personal data from the UK (or EU, if based there) to countries other than the UK or EU – whether that is other companies within your Group, or other customers or suppliers overseas
  • process personal data on behalf of another company (meaning that you are a data processor).

Fact finding, careful thinking, planning and operational implementation will all be needed. You can’t collect everything, keep it forever and worry about it later.

Key action points for you to consider include:
  • Securing internal support from Board level down – you should have organisational commitment to compliance with the data protection legislation
  • Understanding what information you hold about individuals within and outside of your organisation
  • Designing your processes for compliance including drafting of notices and policies, conducting impact assessments, appointing a data protection officer etc.
  • Addressing cybersecurity risks and threats and
  • Training your staff.

How the Data Protection team at DMH Stallard can help

How much work you need to do to get your organisation GDPR compliant depends on a variety of factors, such as how data-rich your business is and how compliant you already are with the UK GDPR and the Data Protection Act 2018.

We will work with you to get you up to the required standard – agreeing a plan for key tasks to be delivered in accordance with set timescales.

To get you on the right track towards compliance we offer:
  • A business-wide data audit document which will help you to understand the flows of data into and out of your organisation, allowing you to then focus on areas of highest risk
  • A privacy statement which can be used to tell your staff, customers, suppliers etc. how you will use the data you hold about them
  • A training session for your managers or staff delivered by one of our team introducing them to GDPR and considering how it might affect your business
  • Consultancy services so that your Data Protection Officer or others within your organisation can get guidance from our team on areas specifically relevant to you (up to five hours of support included)
  • A notification of breach form, allowing you to respond quickly to the Information Commissioner if there is a data breach.
This fixed price package will give you the comfort that you are going to be well on your way towards data protection compliance.

There may be other support and advice you need depending on your business, including:
  • Reviewing internal and external policies and procedures, including privacy policies, data breach response plans, data retention policies, data protection strategies, and binding corporate rules and helping you update these in line with the data protection legislation
  • Reviewing and updating data protection clauses in your contracts with third parties (including contracts which you have in place with your suppliers and customers, as well as your employment contracts)
  • Supporting your Data Protection Officer (DPO) or other DPO service (if you fall within the requirements under the data protection legislation to appoint one).

We will help you meet the required data protection standards.

Key Contacts

Greg Burgess

Employment law expert in restructures, senior employee exits and settlement agreements

John Yates

Specialist in business contracts and technology, media and intellectual property law

Will Walsh

Employment partner specialising in company restructures and senior terminations.

Jonathan Compton

Specialist in domestic and international dispute related matters for private individuals and corporate organisations

Adam Williams

Business immigration/employment law expert advising organisations and senior executives

Simon Bellm

Expert in public, private sector complex employee relations and structural change issues

Debbie Venn

Experienced commercial contracts specialist with particular expertise in technology, travel, manufacturing and wine sectors

Further reading

5 data protection changes to be aware of

Commercial law specialist Liz Gillingham provides a summary of recent developments in data protection law

New rules for international data transfers

Blog, Legal Updates
Liz Gillingham looks at the new contractual clauses affecting international transfers of personal data

Increased regulation of the internet – the reflections of a legal hack

Blog, News & PR
Jonathan Compton offers a personal view on the regulation of the internet

Regulation of personal data in the Covid era

Jonathan Compton considers the implications for the regulation of data in the Covid era.