Clear navigation of data privacy and protection.

Business is increasingly becoming ‘data driven’ and organisations must take steps to understand and comply with all appropriate data protection laws and practices.

With the largest data privacy team in Scotland, our specialist data protection lawyers have a real understanding of the issues presented by GDPR and DPA 2018 compliance and draw on extensive experience, acting for a wide range of clients in sectors including: financial services, energy, technology, retail/consumer and the public sector.

We guide our clients through the constantly evolving data protection landscape, helping them to meet their outcomes and objectives and plan for the future.

Our key expertise is in embedding a culture of GDPR compliance, international data flows, focussed M&A advice and breach response action. That’s why clients turn to us from across the UK and beyond, for focused and pragmatic data privacy advice and solutions.

Key Contacts

David Goodbrand

David Goodbrand

Partner

Commercial Contracts

david.goodbrand@burnesspaull.com +44 (0)131 473 6125

Get in touch
Colin Miller

Colin Miller

Consultant

Competition

colin.miller@burnesspaull.com +44 (0)141 273 6828

Get in touch
Jo Mclean 003 Web

Jo McLean

Director

GDPR & Data Protection

jo.mclean@burnesspaull.com +44 (0)131 473 6016

Get in touch
Hazel Moffat Web 2025Update4

Hazel Moffat

Partner | Board Member

Public Law

hazel.moffat@burnesspaull.com +44 (0)131 473 6328

Get in touch
View all GDPR & data protection lawyers View all GDPR & data protection lawyers

Our data protection lawyers advise on all aspects of data privacy and protection including:

  • Data processing agreements
  • Corporate/M&A due diligence and audit
  • Data compliance audits and gap analysis
  • Data protection notices, privacy policies, retention and security policies
  • International data transfers, transfer impact assessments (TIA) and safeguard mechanisms
  • Standard Contractual Clauses (SCC) and Binding Corporate Rules (BCR)

We also offer a number of tailored data protection packages for clients, including compliance audits, regulatory helplines and training workshops.

Cyber security: Protecting you against data breaches and cyber attacks

With increasing amounts of data held in numerous formats, retaining control and protection of data is increasingly complex for businesses. A data incident can occur in a variety of ways from theft or loss of devices, to employee misuse or human error.

The firm's data protection, privacy and cyber security team covers all aspects from contractual obligations with suppliers, employee contracts, IT security and data protection, risk assessment, audit and review, and crisis management.  We can work with clients to mitigate the risk of “insider” threats (both malicious and innocent) and protect their data through a range of intellectual property rights.

Should data be lost, stolen or improperly destroyed or disclosed, our team has extensive experience in quickly and sensitively working to protect the integrity and confidentiality of the data and mitigate the damage.  This could include a number of steps, including conducting court order raids to secure stolen data, and obtaining emergency interim interdicts to prevent competitors exploiting data.

Equally, should a company find itself the subject of, or affected by, an attack or a raid we can help it through the investigative process as effectively as possible.

Get in touch to find out how we can help you and your business.

Related Services

Data Subject Access Requests

Data Subject Access Requests service to meet your business needs.

Related News, Insights & Events

Data And The Digital Economy Conf

Data and the digital economy: Managing risk and making the most of opportunities

30/09/2025 - Edinburgh


Data is everywhere – and the ways in which we’re collecting, processing and utilising it are constantly evolving, while regulation and governance best practice struggles to keep up.

Read more
Data Protection Complaints Set To Surge Are You Prepared

Data protection complaints set to surge: Are you prepared?

26/08/2025

The recently enacted Data (Use and Access) Act 2025 introduces some important changes to existing UK data protection laws.

Read more
Opinion Cyber Attackers Are Shopping Around For Weak Links In Retailers’ Supply Chains

Cyber attackers are shopping around for weak links in retailers’ supply chains

11/06/2025

Retailers face rising ransomware threats as attackers target weak links in supply chains. Now’s the time to prioritise cyber resilience before tougher laws come into force.

Read more

Want to hear more from us?

Subscribe here Subscribe here