The largest legal team in Scotland dedicated to data privacy & protection and managing cyber security incidents.
Central to the efficient operation of businesses and organisations of all types is the ability to collect and manage data quickly and safely. In an increasingly challenging environment for data security, we’ve assembled the leading data protection & cyber security team in Scotland to support our clients in that objective.
Our team of dedicated data & regulatory protection lawyers will help navigate what can be complex data privacy laws and regulation, to ensure your data strategy and processes are compliant with current and forthcoming regulation.
We’re equally expert at times of crisis and, as the risk of cyber-attacks grows year on year, we can support you through data breaches and cyber-attacks whether these are large scale, external attacks or smaller, localised events relating to employee actions.
Working with clients across the UK, our integrated team of data and cyber security experts have worked extensively across a wide range of sectors and markets covering all aspects from contractual obligations with suppliers, employee contracts, IT security and data protection, to risk assessment, audit and review, and crisis management.
Please contact us for an early-stage discussion on any concerns regarding your data and cyber security and sign up for our data protection & cyber security updates and events. For more details on our services please explore the dedicated pages below.
Burness Paull is a member of Cyber and Fraud Centre Scotland's National Incident Response Cadre.
Our comprehensive data protection & cyber security offering encompasses expertise and support for clients whether they want to check they have the necessary safeguards in place to protect their data and ensure regulatory compliance, need advice on licensing and commercial agreements, or require an urgent and expert incident response service following an attack or breach.
Services include:
- Assessments and audits
- Agreements
- Compliance and policies
- Investigations
- Licensing and commercialisation
- Breaches, including formulation and implementation of a response plan, and remedial action

Key Contacts

Hazel Moffat
Partner | Board Member
Public Law
Hazel is a partner Public Law and Regulatory division, and has represented clients including the Scottish, UK and EU Governments.

David Goodbrand
Partner
Commercial Contracts
David specialises in advising clients on outsourcing arrangements, IP licensing, complex commercial contracts, fintech and the use of information.

Jo McLean
Director
GDPR & Data Protection
Jo provides strategic advice on the complex interactions between data protection and broader digital regulatory areas such as ePrivacy.

Colin Hulme
Partner | Board Member
Intellectual Property
Colin is head of IP, he is the only IP litigator in Scotland with a Band 1 ranking in Chambers UK and in the Legal 500 Hall of Fame.

Lynne Gray
Partner
Health & Safety
Lynne handles contentious and non-contentious regulatory compliance issues, helping clients every step of the way.

Joanna Fulton
Partner
Dispute Resolution
Joanna is divisional head of our Dispute Resolution team. She advises on a wide range of commercial disputes, often multi-party cross-border claims. She has unrivalled experience in group litigation.

Nick Warrillow
Partner
Dispute Resolution
Nick has experience of advising individuals, corporates and financial institutions in connection with a range of complex and high-value disputes.
Related Practices
GDPR & Data Protection
Precise navigation of data protection, privacy and cyber-security.
Data Subject Access Requests
Data Subject Access Requests service to meet your business needs.
Cyber Attacks & Data Breaches
Mitigating the risks of, and responding to, cyber security incidents.
Related News, Insights & Events

Data and the digital economy: Managing risk and making the most of opportunities
30/09/2025 - Edinburgh
Data is everywhere – and the ways in which we’re collecting, processing and utilising it are constantly evolving, while regulation and governance best practice struggles to keep up.

Data protection complaints set to surge: Are you prepared?
26/08/2025
The recently enacted Data (Use and Access) Act 2025 introduces some important changes to existing UK data protection laws.

Cyber attackers are shopping around for weak links in retailers’ supply chains
11/06/2025
Retailers face rising ransomware threats as attackers target weak links in supply chains. Now’s the time to prioritise cyber resilience before tougher laws come into force.