Data Protection & Security

We make protecting data simple

Experts in Data Protection and Privacy law to help you navigate the new world of information


Data is driving change. But it comes with new risks for your organisation. Our data protection specialists help you understand and implement programs for full compliance with the new data protection regime. Each of our partners is expert in their field, and will work alongside you as a trusted advisor all the way.

We provide the full array of data protection and security support; if you experience a data breach we can guide you, liaising with cybersecurity specialists to investigate and minimise the impact.

We are ready to help SME and OMB businesses; banks and building societies; software suppliers and resellers (particularly those processing personal data directly or indirectly); central government departments and agencies; healthcare providers (primary and secondary; and local authorities. Our expertise also covers financial services providers, the security and defence sector; professional services firms; charities; utilities; and passenger transport operators.

We are also able to represent data controllers and data processors who are facing monetary penalty notices and other sanctions by the Information Commissioner, as well as appeals to the First Tier Tribunal.

In addition we also advise clients on all aspects of the Freedom of Information Act (FOIA); Environmental Information Regulations; HRA; confidentiality; official secrets; Investigatory Powers Act; Computer Misuse Act and the Network and Information Systems (NIS) Directive.

Our approach is informed, pragmatic, risk-based, and commercially astute. In a new world of information, stay better informed.

Our work in Data Protection and Security includes:

  • Advising clients on how to comply with the new data protection laws
  • Auditing current practices and data handling to see where a client needs change to comply with data protection laws
  • Designing and implementing privacy policies and measures
  • Preparing the full range of contractual documents needed to show compliance with the new laws
  • Handling data breaches and engaging with the ICO
  • Assisting with penalty notices and sanctions faced by data controllers
  • Training companies on compliance with the new data protection regime in order to minimise the risk of data breaches
  • Representing data controllers and data processors
  • Reducing risk, penalties and sanctions
  • Providing peace of mind for in-house data protection officers and back-up where needed

Notable cases

  • We prepared various legal documents for a well-known sports club to implement and comply with the new data protection laws
  • We advised a household-name publication on its data protection compliance regime, including preparing its web publication and subscriber website for the new legislation
  • We advised on the full GDPR compliance programme for a large international bank
  • We worked with many SME businesses to enable them to be ready for implementation of the new data protection regime
  • We assisted a large charity to prepare new data protection handbook
  • We advised an Israeli company on marketing to businesses outside Israel, including carrying out legitimate business assessments as means for data processing

Who have our Partners worked with?

  • Vedbaek Limited, trading as The NAV People
  • Xactium Limited
  • Intelligent Telematics Limited trading as SureCam
  • MackayWilliams

Client testimonials

“Rebecca’s assistance in guiding us through our GDPR journey was invaluable. She explained the requirements of the new law in clear simple terms. She explained what we needed to do to become compliant and did so in a manner which meant our team never felt overwhelmed by the compliance exercise presented to us. Rebecca completed all the necessary legal documents and helped us to implement these with our clients and suppliers.”

– Matt Dredge, Director, The NAV People

“Rebecca has assisted us for many years, and as always her guidance in relation to data protection was to the point, pragmatic, effective and delivered with the usual speed and skill; she was always able to relate the legal point to our business and supporting processes which provided invaluable.”

– John Shelton, Director, Xactium Limited

“Rebecca guided us through the GDPR compliance process, and managed to clarify this somewhat complex area in a manner which meant our compliance program was much easier to organise and implement. She assisted us throughout the process, preparing all the legal documents required and was on hand, whenever needed, to answer our questions. Rebecca’s professionalism and expertise were invaluable.”

– Justin White, Managing Director, Intelligent Telematics Limited (trading as SureCam)

“The advice we received was pragmatic and easy to follow and resolved many of our misconceptions around the new laws. We would certainly recommend the expertise of gunnercooke for any business seeking to better understand the GDPR or requiring support in this complex area.”

– Diana Mackay, Joint CEO, MackayWilliams

“Working with Rebecca at gunnercooke to implement GDPR in our business has been completely invaluable. She has helped us navigate the at times confusing legislation in a way that was easy for us all to understand and implement in to our business. The help we received was clear and specific to our business which was just what we were looking for. It relieved a lot of pressure on the business knowing we could pick up the phone and have an expert to ask any questions to as and when they came up. The service we have received has been second to none and we would not hesitate to use or recommend gunnercooke in future.”

– Chantelle Brown, Data Protection Officer of Morgan Travel Limited, trading as First Event

Key contacts

Reading room - insights

Go to Reading room >