Clear navigation of data privacy and protection.


Business is increasingly becoming ‘data driven’ and organisations must take steps to understand and comply with all appropriate data protection laws and practices.

With the largest data privacy team in Scotland, our specialist data protection lawyers have a real understanding of the issues presented by GDPR and DPA 2018 compliance and draw on extensive experience, acting for a wide range of clients in sectors including: financial services, energy, technology, retail/consumer and the public sector.

We guide our clients through the constantly evolving data protection landscape, helping them to meet their outcomes and objectives and plan for the future.

Our key expertise is in embedding a culture of GDPR compliance, international data flows, focussed M&A advice and breach response action. That’s why clients turn to us from across the UK and beyond, for focused and pragmatic data privacy advice and solutions.

Our data protection lawyers advise on all aspects of data privacy and protection including:

  • Data processing agreements
  • Corporate/M&A due diligence and audit
  • Data compliance audits and gap analysis
  • Data protection notices, privacy policies, retention and security policies
  • International data transfers, transfer impact assessments (TIA) and safeguard mechanisms
  • Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCR)
  • Online marketing and advertising - obtaining consents and protecting databases
  • Complaints, investigations and enforcement action from the Information Commissioner
  • Data subject access requests
  • Data sharing in the public sector
  • Data security

We also offer a number of tailored data protection packages for clients, including compliance audits, regulatory helplines and training workshops.

Cyber security: Protecting you against data breaches and cyber attacks

With increasing amounts of data held in numerous formats, retaining control and protection of data is increasingly complex for businesses. A data incident can occur in a variety of ways from theft or loss of devices, to employee misuse or human error.

The firm's data protection, privacy and cyber security team covers all aspects from contractual obligations with suppliers, employee contracts, IT security and data protection, risk assessment, audit and review, and crisis management.  We can work with clients to mitigate the risk of “insider” threats (both malicious and innocent) and protect their data through a range of intellectual property rights.

Should data be lost, stolen or improperly destroyed or disclosed, our team has extensive experience in quickly and sensitively working to protect the integrity and confidentiality of the data and mitigate the damage.  This could include a number of steps, including conducting court order raids to secure stolen data, and obtaining emergency interim interdicts to prevent competitors exploiting data.

Equally, should a company find itself the subject of, or affected by, an attack or a raid we can help it through the investigative process as effectively as possible.

Get in touch to find out how we can help you and your business.