Clear navigation of data protection, privacy and cybersecurity.


The data protection and privacy landscape has changed. Since GDPR came into force on 25 May 2018 followed by the Data Protection Act 2018, organisations have had to reconsider the way they deal with and share personal information.

Burness Paull's specialist data protection lawyers have a real understanding of the issues presented by GDPR and DPA 2018 compliance and draw on extensive experience,.acting for a wide range of clients including large multinationals, large public authorities; financial services institutions, sports teams, retail clients, charities and third sector organisations, high-tech businesses and leading food and drink brands. We provide guidance through the data protection landscape, helping ensure they comply with the regulations.

Our data protection lawyers advise on all aspects of GDPR and data protection including:

  • handling complaints and investigations from the data protection regulator (the Information Commissioner’s Office)
  • subject access requests
  • data sharing
  • International data transfers
  • data monitoring
  • data security
  • contractual provisions
  • fair processing and consent

We also offer a number of tailored data protection packages for clients, including helplines and training workshops.

Protecting you against cybersecurity attacks and breaches:

With two-thirds of large UK businesses and 40% of small businesses hit by a cyber breach or attack in the last year, mitigating the risks and ensuring you know what to do should your business become a victim of cybercrime is fundamental.

The firm's cybersecurity team covers all aspects from contractual obligations with suppliers, employee contracts, IT security and data protection, risk assessment, audit and review, and crisis management.

Should your information be stolen our team has extensive experience in conducting court order raids to secure stolen data and to obtain emergency interim interdicts to prevent competitors exploiting it. This may involve IT forensics consultants or “Dawn Raid” applications.

Equally, should your business find itself the subject of a raid we can help you through the investigative process as effectively as possible. We advise organisations that have suffered or are facing computer misuse offences which are very broad in nature, and can include unauthorised access to computer material or making, supplying or obtaining information which can be used in computer misuse offences.

Get in touch to find out how our data protection lawyers can help your business: