GDPR | Data Protection

Data protection has never been such a hot topic, with stories of global organisations breaching our privacy frequently making headline news. 

We've seen a huge rise in the profile of data protection with the arrival of the GDPR. This accompanied by the Data Protection Act 2018, acts as a significant step change in the way all organisations must use personal data, regardless of their size or sector.

All organisations use personal data to some extent. Whether it relates to their employees, members, suppliers or customers. All businesses need to know what they need to do to comply with the new law.


Many of the new requirements are simply taking 'best practice' procedures and making them mandatory for businesses. Most organisations now keep vast amounts of personal data whether it's in the form of emails, marketing databases, employment files, etc. If this information is misused, the impact can be substantial. We must take the appropriate care of the personal data we hold.


Complying with the GDPR can seem a bit overwhelming. Our role at Carbon Law Partners is to simplify GDPR compliance and help you meet your new obligations in a way which is cost effective and commercially pragmatic. And we've got considerable experience in helping a wide range of organisations do just that, from global corporations and high street retailers to industry regulators.   


At Carbon Law Partners, we provide a wide range of data protection services which include:

  • Providing an external Data Protection Officer (DPO) for your business or ongoing legal support for your DPO.

  • Delivering training and workshops for boards and employees on the GDPR along with practical guidance on how it impacts your organisation.

  • Overseeing data audits to understand exactly what personal data you are processing and why – this is essential for creating accurate data protection records and privacy notices.

  • Reviewing and drafting key data protection policies, procedures and precedents to ensure GDPR compliance such as: privacy notices; DPIAs; data breach procedures, subject access guidance, etc.

  • Reviewing and varying data processing contracts to ensure they all include the required obligations and information.

  • Overseeing the handling of subject access requests including document reviews and redactions.

  • Data breach support including practical strategic advice and providing legal representation before the Information Commissioner's Office.


We'd be delighted to give you are overview of GDPR - what you need to do, and by when.  We can chat you through the range of new obligations such as:

  • Privacy Notices

  • Record Keeping

  • Data Processing Agreements

  • Data Protection Impact Assessments

  • Data Protection Officers 

  • Data Breaches 

We'd love to hear from you. Drop us an email or give us a call.