Data Protection & Privacy Solicitors
Dealing with data protection and privacy issues can be incredibly daunting, whether you are a business or an individual.
For business, data protection compliance is more serious now than ever before and data breaches can have serious consequences. Similarly, individuals are more concerned about what data is held about them and how their personal data is used, and they are more likely to take action if there has been a breach of data protection.
At Lupton Fawcett, our team of specialist data protection solicitors is experienced in all areas of data privacy laws and regulations. We are here to offer you easy-to-understand legal advice to help you navigate this fast-evolving area of law whether you need help with compliance, investigations, breaches or training.
What are the data protection laws?
The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), have been in force for a number of years now, and the provisions for the post-Brexit GDPR implementation have been set out, which effectively mean that the UK will maintain the standards set by the GDPR.
In addition, there are several other laws and regulations which govern the use of data, such as the Privacy and Electronic Communications Regulations (PECR), Freedom of Information Act (FOIA), and Network and Information Systems (NIS) Regulations. Together, all of these laws and more make up the framework for data protection legislation which businesses have to comply with, whether you are dealing with basic customer details, mailing lists and marketing campaigns, or sensitive personal information.
The risks of not complying can potentially be quite serious – a breach of the GDPR could carry a fine of up to €20 million or 4% of your company’s annual worldwide group turnover and may also be a criminal offence under the DPA. The regulator in the UK is the Information Commissioner’s Office (ICO).
However, many businesses both large and small are still uncertain as to their rights and responsibilities under the current data protection regime and the various laws that apply, potentially leaving themselves exposed to complaints and sanctions.
Here at Lupton Fawcett, our specialist data protection lawyers can help your organisation to navigate this complex aspect of modern business.
How Lupton Fawcett can help your business with Data Protection compliance?
Our team of specialist Data and Privacy lawyers can help advise and assist various data and privacy legislation, including:
- The General Data Protection Regulations and Data Protection Act 2018;
- The Freedom of Information Act;
- Privacy and Electronic Communications Regulations;
- Network and Information Systems Regulations.
We can help you address various steps to enable and support your compliance in all aspects of data and privacy laws, including:
Data Processing Audits
Conducting data processing audits to help you identify your data processes, compliance, and policies, and their strengths and weaknesses.
Providing guidance reports on recommended actions you can take to improve your compliance with data and privacy laws.
Permitted Use of Personal Data
Advising on permitted uses of personal data, including how you collect, store, market and transfer that information;
Negotiating appropriate contractual terms with other data processors and controllers;
Assisting and advising on appropriate action in the event of a personal data breach.
Privacy Notices, Policies and Forms
Drafting and reviewing relevant documents for your business, including privacy notices, data protection policies, consent forms and data processing agreements.
Advising and representing you in respect of regulatory investigations and court hearings.
Data Access Requests
Assisting and advising you in the event you receive a data subject access request or freedom of information request including providing a review and redaction service.
Providing flexible and tailored training courses for your staff to help them understand the issues and steps they need to be aware of in ensuring compliance with the likes of GDPR, PECR, NIS and FOIA.
Does the legislation apply to my business?
The different pieces of legislation have different applications, but in general, if you are processing personal data within the UK, you will need to comply with at least one or more of the GDPR, DPA, NIS and PECR.
Data & Privacy Law Training
Our team of specialist Data and Privacy lawyers offer a variety of training days to suit your needs.
We host half day training sessions on:
- An Introduction to GDPR, PECR and NIS;
- How to Manage Subject Access Requests and Freedom of Information Requests;
- An Introduction to Network and Information Systems (NIS); and
- An Overview of PECR and Cookies.
Please visit our events page for details of our data and privacy training sessions and upcoming dates. We are also available to host our training sessions in-house for groups of your employees at a venue that suits you. Please contact any member of the Data and Privacy Law team to discuss further.
How can Lupton Fawcett help you Personally?
All living human beings will be classed as a data subject in one way or another. Whether this is in relation to the information your current or prospective employer processes about you, companies that you have bought products from or receive marketing information from or any number of other professional bodies that process your personal data, the GPDR will still apply.
If you are a data subject, you have certain rights available to you under the GDPR to ensure the transparent processing of your personal data. These rights can include:
- The right to be informed on what data is being processed;
- The right to access your personal data, a Data Subject Access Request;
- The right to rectification if data is inaccurate or incomplete;
- The right to erasure, also known as the “right to be forgotten” in certain circumstances;
- The right to restrict processing in certain circumstances;
- The right to data portability: which allows individuals to move, copy or transfer personal data easily between one IT environment to another in a secure and safe manner;
- The right to object to processing on grounds relating to your particular situation unless there are compelling legitimate grounds for processing;
- Rights relating to automated decision making and profiling: the GDPR provides safeguards for individuals against the risk of a decision being taken without human intervention.
Breach of your rights as a data subject under the GDPR can have severe and lasting consequences.
Data breaches for example, including the accidental loss of your personal information, can have a significant impact on you as a data subject. In certain circumstances, you may be entitled to compensation for financial damage and distress caused in a data breach.
If you would like further information about your rights as a data subject or believe you are the subject of a data breach please contact one of our specialist Data and Privacy Law team who would be happy to provide further advice.
If you are facing an ICO investigation or regulatory prosecution regarding data protection and privacy laws, we can provide you with experienced, pragmatic advice and representation to help ensure the best possible outcome for you and your business.
Jeremy Scott and the Regulatory and Corporate Defence team at Lupton Fawcett are available 24/7. Please call us to discuss how we can help.
Contact us for help
To speak to one of our solicitors about Data and Privacy Law compliance or advice on any data protection law issues, call us on 0333 323 5292 or download our team sheet to find out more. Alternatively, you can email us or complete the enquiry form below and we will get in contact.
Our Data Protection Solicitors act regularly for clients across the United Kingdom including Bradford, Birmingham, Hull, Leeds, Liverpool, London, Manchester, Sheffield, York and Nottingham.
We can support your needs wherever you live in England, Wales, Northern Ireland and Ireland.