Data protection and privacy

Dealing with data protection and privacy issues can be incredibly daunting.

For business owners and managers, data protection compliance is more serious now than ever before, and data breaches can have serious consequences. Demonstrating compliance with data protection laws can also be critical when seeking business investment or at the time of a sale of a business or a division of the business.

How can we help?

Our team of specialist data protection solicitors is experienced in all areas of data privacy laws and regulations. We advise companies of all sizes on their data protection compliance. We are here to offer you easy-to-understand legal advice to help you navigate this fast-evolving area of law whether you need help with compliance, investigations, data breach claims or training.

Our specialist Data Protection team advise businesses on:

  • The General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018 (DPA)
  • The Privacy and Electronic Communications Regulations (PECR)
  • The Freedom of Information Act (FOIA)
  • The Network and Information Systems Regulations (NIS)
  • Together, all of these laws and more make up the framework for data protection legislation which businesses have to comply with, whether you are dealing with basic customer details, mailing lists and marketing campaigns, or sensitive personal information.

    The different pieces of legislation have different applications, but in general, if you are processing personal data within the UK, you will need to comply with at least one or more of the UK GDPR, DPA, NIS and PECR.

    The risks of not complying can be serious – a breach of the GDPR could carry a fine of up to £17 million or 4% of your company’s annual worldwide group turnover and may also be a criminal offence under the DPA.

    However, many businesses both large and small are still uncertain as to their rights and responsibilities under the current data protection regime and the various laws that apply, potentially leaving themselves exposed to complaints and sanctions.

    Our specialist data protection lawyers can help your organisation to navigate this complex aspect of modern business.

    Data protection and privacy compliance

    We can help you address various steps to enable and support your compliance in all aspects of data and privacy laws, including:

    Data processing audits

    Conducting data processing audits to help you identify your data processes, compliance, and policies, and their strengths and weaknesses.

    Compliance reports

    To assist businesses, we offer a range of fixed-price compliance packages targeted at specific compliance areas where businesses frequently need support.

    Permitted use of personal data

    Advising on permitted uses of personal data, including how you collect, store, market and transfer that information.

    Contractual terms

    Negotiating appropriate contractual terms with other data processors and controllers.

    Privacy notices, policies and forms

    Drafting and reviewing relevant documents for your business, including privacy notices, data protection policies, consent forms and data processing agreements.

    Data Subject Access Requests

    Assisting and advising you in the event you receive a data subject access request or freedom of information request.

    ICO investigations

    If you are facing an ICO investigation or regulatory prosecution regarding data protection and privacy laws, we can provide you with experienced, pragmatic advice and representation to help ensure the best possible outcome for you and your business.

    The Regulatory and Corporate Defence team at Lupton Fawcett are available 24/7. For more information, please visit our ICO investigation page.

    Training courses

    We can provide flexible and bespoke training courses for your marketing team and/or management teams to enable them to understand the issues and steps they need to be aware of in ensuring compliance with the likes of UK GDPR, PECR, NIS and FOIA. We can host these in-house, at your premises or online.

    Contact us for help

    For data protection advice from our experienced team of solicitors, call our Data Protection team on 0333 323 5292 or fill in our enquiry form and we will call you back.


    Lupton Fawcett provided a first-class working environment in which I was able to openly discuss serious issues.”

    Chambers and Partners

    Every insight