Data Protection & Information Law

We support organisations at every stage of their data protection lifecycle – from routine compliance to urgent breach response. Our advice is practical, structured and grounded in the realities of your operational environment.

We review and refine policies, procedures and supporting documents to keep your organisation aligned with regulatory expectations. For clients who need a full reset, we design tailored frameworks supported by UK GDPR compliance audits and targeted data protection policies and contracts.

When you are planning a new project, we help you identify risks early, assess alternative approaches and document decisions clearly. Our audit work gives you a focused view of what is working, what is vulnerable and where immediate steps are required.

Clear, well-structured data-sharing arrangements reduce risk. We advise on collaborative projects, joint ventures and public sector partnerships, providing legal guidance on data sharing agreements that aligns commercial aims with compliance obligations.

If you experience a breach, we help you contain it quickly, manage internal communication and assess whether the ICO needs to be notified. Where the regulator becomes involved, we guide you through the process, offering legal support and advice on ICO investigations and enforcement to keep disruption to a minimum. We can also help you deal with any consequential legal claims that may arise following a personal data breach.

Responding to data subject requests requires judgment and efficiency. We help you apply exemptions, manage deadlines and review material for disclosure. Our subject access requests legal assistance gives you a clear plan for handling even the most complex requests.

We draft and review data protection clauses across a wide range of commercial contracts to ensure roles, responsibilities and liabilities are clearly set out.

Our Health Check benchmarks your compliance against UK GDPR and the Data Protection Act 2018, giving you a structured set of priorities and practical next steps.

We advise on all aspects of FOIA and the Environmental Information Regulations, for both public authorities and organisations engaging with them.

For public authorities, we:

• Help design and refine FOI procedures and training
• Advise on applying exemptions and exceptions robustly
• Support decisions through internal review, ICO investigation and appeal
• Draft and refine FOI-related provisions in public sector contracts

For commercial organisations, we:

• Help you make targeted FOI and EIR requests where access to information is important to your commercial or strategic objectives
• Advise on how your information is described and protected in public sector contracts
• Support you in challenging inappropriate disclosure of sensitive or confidential information

Our team has successfully challenged ICO decisions on the applicability of FOIA, protecting clients from unfair or excessive disclosure of commercially sensitive material. We combine a detailed understanding of the legislation with practical experience of how requests are handled in reality.