Google Adwords 0808 278 1398 Bing Ads 0808 274 4482

Data protection

Data breaches can cost companies thousands of pounds in fines, compensation payments, and the unquantifiable costs of general disruption and loss of customer confidence. One serious data breach can plunge a small or medium-sized company into insolvency.

Our solicitors know that data protection is crucial, and that’s why we offer businesses a holistic data protection service. We advise on data protection law and every aspect of data information protection and data security.

How we can help you comply with data protection laws

Parkinson Wright data protection lawyers can help in the following ways: 

  • Advising you on how to comply with data protection laws, including the Data Protection Act 2018, the GDPR (General Data Protection Regulation), the Environmental Information Regulations 2004 and the Freedom of Information Act 2014
  • Advising you about data sharing and the lawful bases for processing personal data under the GDPR, including the reliance on an individual’s consent.
  • Advising you on what to do if data breaches occur. This includes supporting you to comply with breach notification obligations under the GDPR and managing investigations by the ICO (Information Commissioner’s Office).
  • Drafting privacy notices and policies relating to data protection and data security. Our data protection lawyers have extensive experience in drafting and reviewing documents for clients.
  • Creating website policies relating to data protection and privacy. This includes making sure cookie notices and terms and conditions comply with GDPR law.
  • Drafting and reviewing contracts between data controllers and data processors to comply with the GDPR. A data controller is an organisation that collects data, and a data processor is an organisation that receives data from the data controller.
  • Advising you on data protection in corporate transactions. Data protection and cybersecurity are huge concerns during mergers and acquisitions when businesses transfer personal data. Those who buy businesses are increasingly aware of inheriting data security liabilities.
  • Advising you on how to appoint a data protection officer (DPO) and what their role and responsibilities are under the GDPR.
  • Explaining what records you need to maintain to prove data protection compliance. If detailed records are not kept, the ICO could carry out a compulsory audit if there is a data breach complaint against your organisation.
  • Advising you about subject access requests. We will clarify your obligations under GDPR if somebody makes a request to see the personal information your organisation holds on them.

Our business litigation lawyers can support you if legal action is about to be brought against your organisation for a data breach. We will assess the risk to your business, help you mitigate damage, and defend you in court if necessary. 

Data protection laws

There are several data protection laws that apply to businesses in the UK. These include:  

The GDPR is an EU law, but it applies to the UK. 

The Data Protection Act 2018 is the UK’s data protection law. It is drawn from the GDPR. The basic principles of the Act are that personal information is: 

  • Used transparently and only for explicit purposes.
  • Collected only when necessary.
  • Kept up-to-date and accurate.
  • Not kept any longer than necessary.
  • Securely protected so unauthorised individuals cannot access it. 

People have many rights under the Act. These include the right to:

  • Be informed how their personal data will be used.
  • See the personal data held on them.
  • Have their data erased.
  • Restrict or prevent the processing of their data. 

The Act sets out the ways in which personal information can be used by organisations and how it must be protected by them.

The Freedom of Information Act 2014 applies to publicly funded bodies like government departments. It does not apply to private companies. 

Under the Freedom of Information Act, people have the right to see:

  • Personal records held on them.
  • Any other records about them which were created after 21st April 2008. 

Anybody who wants to view the personal data a private company holds about them may exercise their right under the GDPR and the Data Protection Act.

Under the Environmental Information Regulation 2004, people have the right to see environmental information that is held by public authorities. 

Public bodies must: 

  • Be proactive in ensuring environmental information is available to the public.   
  • Provide environmental information to members of the public when requested.

The Act exists to protect people from living in an environment that may be damaging to their health. For example, if an organic waste plant wants to start incinerating clinical waste, this could have an impact on air quality. Under the Act, local residents would have a right to know about these plans so they can investigate and raise objections.

Our data protection team at Parkinson Wright advises companies on how to comply with the law. At the same time, we help to find practical solutions so businesses can continue to thrive.

Why choose Parkinson Wright data protection solicitors?

Our data protection solicitors at Parkinson Wright advise companies of all sizes across many business sectors. We devise cost effective solutions for businesses to ensure they comply with the law and their interests are protected.

Every member of our team has extensive experience with a wide range of data protection and data security matters. We work with other specialist lawyers in our firm, such as employment lawyers, litigation lawyers and corporate lawyers, to ensure your business benefits from the highest level of professional service. 


Parkinson Wright lawyers have several accreditations, so you can rest assured you will receive the best legal advice about data protection issues and a high standard of customer care.

  • Solicitors Regulation Authority

    Regulated and authorised by the Solicitors Regulation Authority (SRA).
  • Lexcel Quality Mark

    We have achieved the Law Society’s Lexcel Legal Practice quality mark, which sets the standard for client care. 

Get in touch

We offer a Free Initial Assessment, so you can speak to our data protection solicitors without charge or obligation.

To arrange your Free Initial Assessment at a time convenient to you, please call 01905 401 893.

Team Members

Jeremy Redfern
Partner, Commercial
Frances Woods
Partner, Head of Litigation
Mark Blake
Partner, Litigation

Expert legal advice you can rely on:


The Act sets out how personal information can be used by all types of organisations, including businesses, charities and the government.

Expert legal advice you can rely on,
get in touch today:

Please let us know you are not a robot