Our Data Protection Services

Data protection in the UK is governed by the UK GDPR, the Data Protection Act 2018 and related legislation. Businesses must not only comply with data protection principles but also demonstrate accountability in how personal data is handled. 

Our data protection lawyers provide practical, strategic advice to help you embed compliance into your day-to-day operations. 

We work with organisations of all sizes and sectors, delivering proportionate and cost-effective solutions tailored to your business. 

We can advise on whether you act as a data controller or processor and explain the legal and commercial implications for your organisation.

Contact Our Data Protection Solicitors

commercial team photo 5

Our Core Services

We advise on and prepare the key documentation and processes required for effective compliance, including: 

Data Mapping Exercises 

We map how personal data flows through your business, identifying where data is collected, stored, accessed, shared and transferred, to assess risk and improve compliance.

Data Subject Access Requests (DSARs) 

We support businesses in responding to DSARs and can draft internal procedures and training materials to ensure efficient and compliant handling.

Privacy Notices 

We draft tailored privacy notices covering employee, customer and online data, ensuring transparency and alignment with your data practices. 

Data Protection Impact Assessments (DPIAs) 

We advise on when DPIAs are required and prepare bespoke assessments for high-risk processing activities. 

Data Sharing & Processing Agreements 

We draft and negotiate data sharing and processing agreements, including those involving international transfers, ensuring compliance with UK and EU requirements.

Direct Marketing & PECR 

We provide guidance on lawful marketing practices, including consent mechanisms and compliance with PECR.

International Data Transfers  

Many organisations transfer personal data outside the UK, often through cloud-based services or international operations based outside the EU. 

We advise on lawful transfer mechanisms and appropriate safeguards, including Standard Data Protection Clauses, including the ICO’s International Data Transfer Agreement (IDTA) and the International Data Transfer Addendum (the Addendum) 

Breach Response  

In the event of a data breach or suspected breach, we provide rapid support to: 

  • Investigate and assess risk 
  • Contain and manage the incident 
  • Prepare reports to the ICO (Information Commissioner’s Office) 
  • Manage regulatory engagement and communications 

Who We Help

Our data protection solicitors support a wide range of organisations, including: 

We provide tailored advice aligned to your operational needs, management priorities and risk profile.

Contact Our Experts

data protection GDPR

How We Can Help 

Effective data protection compliance requires more than policies, it demands a practical framework embedded within your business. 

Our team delivers clear, actionable advice to help you meet your legal obligations with confidence. 

Compliance & Strategy 

  • Advice on UK GDPR and Data Protection Act obligations 
  • Controller vs processor analysis 
  • GDPR audits and compliance reviews 

Data Mapping & Risk Assessment 

  • End-to-end data flow analysis 
  • Risk identification and mitigation strategies 

Documentation & Policies 

  • Privacy notices and internal policies 
  • Records of Processing Activities (ROPA) 
  • Data breach response plans
  • We also support incident response, including internal investigations, escalation processes and remediation strategies. 

Data Subject Rights 

  • DSAR handling and procedures 
  • Support with complex or high-risk requests 

DPIAs & High-Risk Processing 

  • DPIA preparation and advice 
  • Risk mitigation for new systems and technologies 

Data Sharing & Transfers 

  • Data sharing and processing agreements 
  • Cross-border transfer compliance 

Marketing Compliance 

  • PECR advice 
  • Consent and communication reviews 

Where regulatory scrutiny arises, our GDPR solicitors support you in dealing with the ICO, including preparing reports and demonstrating compliance. 

Speak To Our Team

Data Protection Case Studies

International technology business expanding into the UK

Client Intro

Our client is an international technology business providing software and systems to customers across multiple jurisdictions, including Australia and New Zealand.

Case Overview

We advised the client on a range of commercial and data protection matters in connection with the rollout of its services in the UK.

This included adapting existing overseas customer terms for use in the UK, preparing data processing documentation, and advising on compliance with UK data protection laws. The work required careful consideration of international data flows between the UK, Australia and New Zealand, particularly given the absence of an adequacy decision for certain transfers.

We also supported the client in establishing its UK presence, including corporate setup and employment documentation, ensuring the business was positioned to operate effectively in a new market.

Working alongside specialist advisers where appropriate, we helped the client implement a compliant and commercially practical framework for its UK operations.

 

“When supporting international businesses entering the UK market, it’s essential to align legal compliance with how the technology operates in practice. We focused on delivering a framework that achieved both.” – Richard Meehan, Partner

Reverse Rett – Reverse Rett App

We assisted Reverse Rett with the drafting of App terms and conditions and a Privacy Notice as part of the launch of its new Reverse Rett App aimed at matching clinical trials conducted by the pharmaceutical industry with potential patients. Our instruction consisted of a detailed data protection assessment to cater for the processing and sharing of special category personal data of minors by the App and third-party pharmaceutical companies.

International FinTech Software Provider

Drafting a suite of documents (including a Data Protection Policy, DPIA, Record of Data Processing Activities, and Data Breach Policy) for a software provider offering banking and peer-to-peer wallet solutions within the international Fintech sector.

IT and Tech Provider - Social Media Data Collection and Analysis

We assisted an IT and Tech provider offering social media data collection, harvesting and analysis services with the drafting of, and advising in relation to, their DPIA including  conducting an extensive data mapping exercise.

GDPR Audits

GDPR Audits for a plethora of our clients prior to the GDPR coming into effect. 

Watch: Data Protection and UK GDPR

FAQ’s

What level of fine could the ICO issue for a breach of data protection laws?

The Information Commissioner’s Office (ICO) has the power to impose significant financial penalties for breaches of UK GDPR and the Data Protection Act 2018. 

The maximum fine is the greater of: 

  • £17.5 million (or €20 million), or:
  • 4% of a company’s global annual turnover 

In addition to fines, the ICO can take enforcement action such as restricting or suspending data processing activities, which can have serious commercial consequences. 

Our data protection solicitors can advise on responding to ICO investigations, preparing regulatory reports, and protecting your position where enforcement action is threatened. 

What is a Data Subject Access Request (DSAR)?

A Data Subject Access Request (DSAR) is a request made by an individual to access the personal data your organisation holds about them, along with information about how it is used. 

This may include: 

  • Names and contact details 
  • IP addresses and online identifiers 
  • CCTV footage or images 
  • Employee records 
  • Customer account or transaction data 

Businesses must respond within strict timeframes and ensure the response is complete and compliant. 

We help organisations manage DSARs efficiently, particularly where requests are complex, high-volume or contentious. 

What rights do individuals have under data protection laws?

Under UK GDPR, individuals have a range of rights in relation to their personal data, including: 

  • The right to access their data 
  • The right to have inaccurate data corrected 
  • The right to request erasure (“the right to be forgotten”) 
  • The right to restrict or object to processing 
  • The right to data portability in certain circumstances 

Organisations must have processes in place to respond to these rights promptly and lawfully.

What privacy notices does my business need?

If your business processes personal data, you are required to provide clear and transparent privacy notices to individuals. 

A compliant privacy notice should include: 

  • What data you collect 
  • Why you process it and your legal basis 
  • How long you retain it 
  • Who you share it with 
  • The rights available to individuals 

You may need multiple privacy notices depending on your activities, for example: 

  • Employee privacy notices 
  • Customer privacy notices 
  • Website privacy notices 

Well-drafted notices help demonstrate compliance and build trust with your stakeholders.

What is a website privacy notice?

A website privacy notice explains how your business collects and uses personal data through its website. 

This includes data gathered via: 

  • Contact forms 
  • Cookies and tracking technologies 
  • User accounts or subscriptions 

It ensures compliance with transparency obligations and helps obtain valid consent where required. 

Your privacy notice should be clearly accessible at all points where personal data is collected.

What is “Big Data” in the context of data protection?

“Big data” refers to extremely large and complex datasets that are generated from multiple sources and processed at high speed. 

It is typically characterised by: 

  • Volume – large quantities of data 
  • Variety – data from multiple structured and unstructured sources 
  • Velocity – rapid processing and analysis 

Where big data includes personal data, it falls within the scope of data protection laws.

Does Big Data come under data protection laws?

Yes, where big data involves personal data, it must comply with UK GDPR and the Data Protection Act 2018. 

Examples include: 

  • Health or clinical trial data 
  • Location data from mobile devices 
  • Consumer behaviour and purchasing data 
  • Biometric or wearable technology data 

Organisations must ensure lawful processing, transparency, and appropriate safeguards when using such data.

What should businesses do when processing Big Data?

Businesses using big data must ensure compliance with core data protection principles, including: 

  • Processing data fairly, lawfully and transparently 
  • Collecting data for specific, legitimate purposes 
  • Ensuring data is relevant and not excessive 
  • Limiting retention to what is necessary 
  • Implementing anonymisation where possible 
  • Respecting individuals’ rights 

In many cases, a Data Protection Impact Assessment (DPIA) should be carried out to assess risks. 

What are the data processing recordkeeping requirements?

Most organisations are required to maintain a Record of Processing Activities (ROPA). 

This record should include: 

  • Categories of personal data processed 
  • The purpose and legal basis for processing 
  • Details of data sharing and transfers 
  • Retention periods 
  • Security measures in place 

Maintaining accurate records is a key part of demonstrating compliance and is particularly important in the event of a data breach or ICO investigation.

Why Work With Our IT/Technology Team

  • Myerson Solicitors' IT lawyers can provide businesses with extensive legal advice and support on a wide range of IT-related matters.
  • Members of the Society for Computers & Law
  • Active participants in the UK technology ecosystem
  • Working with Myerson Solicitors means you'll have access to legal experts who can support and help your business stay ahead of the curve in today's ever-evolving digital landscape.
  • An alternative to the major, regional, and national firms by offering high-quality Technology law advice from specialist solicitors, but on a much more cost-effective basis.
  • By working closely with our IT clients, we can ensure we meet their expectations for business operations and provide clear, specialist expertise. We are easy to deal with and understand that a common-sense approach is often required.
  • Extensive experience in dealing with a broad range of IT disputes, such as data protection and software development issues, giving businesses fast and helpful advice based on knowledge of their business, its history, and pressures.
  • A partner-led service and a genuinely accessible team of experienced IT law solicitors due to our size, structure, and unique culture.
  • Our Technology Solicitors are happy to discuss your situation in a free, no-obligation telephone consultation. We are committed to transparent pricing and will always discuss costs with you at the outset. Fixed fees and retainers may be available where appropriate.

We are trusted by founders, investors and in-house counsel who require commercially astute advice delivered with accessibility and strategic insight.

Get In Touch With Our Technology Team

Commercial Team Photo 3

Testimonials

boot and co Logo v2

Paul Hinchliffe - Managing Director, Bott & Co Solicitors

I would like to thank the team for their expertise, guidance and support throughout our transition to employee ownership. The move required careful planning across a range of legal, tax and governance matters. Simon Nolan and the wider Myerson team worked closely with us throughout the process, providing clear advice, practical solutions and reassurance. Their experience and collaborative approach helped us successfully navigate a complex transaction. We are extremely grateful.

Personal Testimonial

Mr Preston

Chris Moss's advice and support was exceptional. I would highly recommend.

Business Testimonials

Mr. Maitland, VendiTech

Myerson has been exceptional to work with, combining a high level of professionalism with a pragmatic, commercially minded approach. Communication is always clear, timely, and responsive, which gives us real confidence when navigating complex decisions. Chris, Charlotte and Richard provided invaluable support across multiple areas of our business. Their guidance has been instrumental to our continued success and has played a key role in giving us strong confidence around compliance as we scale and evolve.

Business Testimonials

Gary Johnson, CDL

The strength that Myerson brings to CDL and its group companies is an intimate understanding of our products and services and how they are utilised in the various sectors of our evolving marketplace. CDL and Myerson have worked together for over 10 years and in that time CDL have been fortunate to attract, court and secure many new contracts including large banking and global organisations.

Business Testimonials

Tim Webb, RTA Claim Solutions

Myerson have been hugely professional and supportive in providing expert legal advice to the business. For us, their quality of service and expert knowledge of commercial business was equally as important as their undoubted legal capabilities. We hope to be able to continue to work with them over the long term.

Business Testimonials

Tony Sampson , J2 Retail Ltd

Unphased by the ‘big names’ and frequently head to head with much larger firms, they have always worked effectively on our behalf as both a business and as shareholders, and have represented us extremely well in many complex and difficult situations. Myerson partners and lawyers have an excellent grasp of the commercial realities of our business – something that is equally as important as their undoubted capabilities as lawyers.

Business Testimonials

David Hibbert, Stax Trade Centres PLC

We were introduced to Myerson back in 1986 with a view to them advising us on our MBO. Myerson have always been there with clear, easily presented counsel as to how to deal with every aspect of business life. We respect their honesty and integrity and have no qualms in recommending them to any up and coming entrepreneurs.

Business Testimonials

Mr. Roberts, Communications Plus Ltd.

Chris Moss, Melisa Chaplow and Charlotte Peers have been exceptional. Thank you.

Business Testimonials

Mike Forsyth - Founder and Chairman, Safer Sphere

Myerson Solicitors acted for us in a complicated Management Buy-Out transaction. Akeel, Palma, Simon, Andrew, and the team supported completion in a tight time frame with the utmost professionalism and diligence. They coordinated and cooperated seamlessly with the wider advisors and stakeholders, ensuring full protection and compliance with the transaction. We have worked with Myerson on a number of legal aspects for over 5 years, and would highly recommend their services.

Personal Testimonial

Colin

Supported my business from the outset. Always there when needed. Superb integrity and pricing. Always gets the job done effectively with open dialogue and communication at every point. Yes I highly recommend.

Awards testimonials

Chambers UK Guide 2026

The Corporate team at Myerson is the perfect size for a balance between expertise and personal service.

Awards testimonials

Chambers UK Guide 2026

Myerson's Corporate team is attentive, available and technically knowledgeable.

Awards testimonials

Chambers UK Guide 2026

Myerson's Corporate Team were good to deal with and we worked well together.

Awards testimonials

Legal 500, 2024

Responsive, always willing to provide some direction, guidance and support, even at short notice, and, due to the familiarity of the business across the team, there are multiple contact points which means there is always somebody to speak to who understands our company and objectives.

Awards testimonials

Legal 500, 2024

The whole team is responsive and highly approachable, taking time to understand the business and framing legal matters in a manner understandable to the audience – working with a range of people across our business.

Awards testimonials

Legal 500, 2024

They have always looked at the whole picture and taken time to understand my business, so advice is tailored. No time-wasting and treated like I am their only client.

Awards testimonials

Legal 500, 2024

Well resourced and able team that expertly and adequately handle whatever we throw at them as our retained commercial lawyers.

Awards testimonials

Legal 500, 2024

Smaller boutique corporate team who are very responsive, professional and add value to corporate transactions.

Meet Our Technology Solicitors

Home-grown or recruited from national, regional or City firms. Our Technology lawyers are experts in their fields and respected by their peers.

Richard M

Richard Meehan

Richard is a Partner in our Commercial Team

Liv W final

Olivia Whittaker

Olivia is an Associate in our Commercial Team

Contact Our Experts

You can contact our lawyers below if you have any more questions or want more information:

0161 941 4000

Latest Myerson IT / Technology News