top of page

Data Protection and Compliance

In the highly connected world in which we operate, personal data can easily fall into the wrong hands even where security measures are in place.  This can lead to distress for the individuals involved but also serious legal and reputational consequences for the organisation at the centre of the personal data breach. 


Data protection is relevant to all businesses. Any organisation that stores or uses information from which an individual can be identified is likely to be subject to the provisions of the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (together the “Data Protection Legislation”).  Failure to comply with these provisions can lead to civil claims being brought, fines being issued, and even criminal sanctions. 


At ACK Media Law, we can help you at every step in the aftermath of a data breach, whether that is submitting a report to the Information Commissioner’s Office or communicating with those affected by the data breach, to minimise harm to your organisation.


Mitigation of risk and compliance


We can advise your organisation on every aspect of Data Protection Legislation, including:


  • Data mapping and conducting reviews of data collection points and data processing;

  • The lawful bases for processing and holding personal data;

  • How to respond to subject access requests, erasure requests and Freedom of Information (“FOI”) requests;

  • Data breach preparedness planning, management and response;

  • Regulatory investigations involving the Information Commissioner’s Office;

  • Training;

  • Drafting and advising on a wide range of data protection policies and documents including:

    • Privacy policies for websites, clients, employees, consultants and contributors

    • Organisation-wide data protection policies

    • Record keeping documents

    • Legitimate interest assessments

    • Document retention policies

    • Processor contracts


We also advise organisations in relation to all complaints and claims brought under Data Protection Legislation.  

Related News

bottom of page