
Data Protection (GDPR)

Clear Advice on Managing Personal Data Properly.

Most businesses hold more personal data than they realise, and the rules around how that data is used, stored, and shared are strict. The risk is not just regulatory action; it is also reputational damage and loss of trust.

At Gordons Partnership, we help businesses understand what the law requires and how to apply it in practice. Our advice is straightforward, focused on helping you stay compliant without slowing your business down.

Whether you are building systems, running marketing campaigns, or managing customer data, we make sure your approach is legally sound and workable day to day.

Our Expertise

  • GDPR Compliance

    We advise on your obligations under UK GDPR and the Data Protection Act, helping you understand what applies to your business and where the risks sit.

  • Privacy Notices and Policies

    We draft and review privacy notices, cookie policies, and internal data protection policies, ensuring they are clear, accurate, and aligned with how your business actually handles data.

  • Data Sharing and Processing Agreements

    Where data is shared with third parties, we prepare and review agreements that clearly set out responsibilities and reduce the risk of misuse or breach.

  • Subject Access Requests (SARs)

    We guide businesses through handling SARs and other data rights requests, ensuring responses are compliant, timely, and properly documented.

  • Data Retention and Governance

    We help you define how long data should be kept, how it should be stored, and when it should be deleted, creating processes that are practical and defensible.

  • Data Breaches and Risk Management

    If something goes wrong, we provide clear advice on next steps, including reporting obligations, internal investigation, and managing risk.

Our Approach

Data protection advice only works if it fits into your day-to-day operations.

We take the time to understand how your business uses data in practice, then shape policies and processes that your team can actually follow.

You get clear guidance on what matters, where to focus, and how to stay compliant without overcomplicating things.

Why Businesses Choose Gordons Partnership

Clients choose us because we combine legal expertise with real-world understanding.

  • Clarity: practical advice that cuts through regulation

  • Commercial awareness: solutions that work in real business settings

  • Responsiveness: support when issues need to be handled quickly

  • Confidence: knowing your approach stands up to scrutiny

Frequently Asked Questions

Do all businesses need to comply with GDPR?

Yes. If you handle personal data in any form, GDPR obligations will apply.

Can you review our current policies?

Yes. We regularly audit existing policies and update them to reflect current law and actual business practice.

What should we do if there is a data breach?

Act quickly. We can guide you through reporting requirements, risk assessment, and next steps.

What counts as personal data under GDPR?

Personal data includes anything that can identify an individual, such as names, email addresses, phone numbers, and IP addresses. It is often broader than businesses expect.

Do we need a privacy policy even if we are a small business?

Yes. If you collect or use personal data, you need to explain how you use it in a clear and accessible way, regardless of your size.

How often should we review our data protection practices?

Regularly. As your business changes, your use of data often changes too. Policies and processes should be reviewed to make sure they still reflect what you are actually doing.

Do we need a Data Protection Officer (DPO)?

Not all businesses do. It depends on the type and scale of data you handle. We can help you assess whether a formal DPO is required or if a lighter approach is appropriate.

Can we send marketing emails to our existing customers?

In some cases, yes, but there are rules around consent and opt-outs. We can help you structure your marketing in a way that stays compliant.

What should be included in a data processing agreement?

It should clearly set out how data is handled, who is responsible, and what happens in the event of an issue. We make sure these agreements are clear and workable.

How do we handle requests from individuals about their data?

Individuals have rights to access, correct, or delete their data. You need a clear process to respond within set timeframes, and we can help you put that in place.

Can we store or transfer data outside the UK or EU?

Yes, but there are strict rules. We can advise on how to structure transfers so they meet legal requirements.

What are the risks of getting GDPR wrong?

The risks include regulatory fines, but also reputational damage and loss of customer trust. Getting the basics right early reduces that risk significantly.

Meet our commercial team

If you need advice on any commercial matter, please do not hesitate to contact our commercial team.

Speak to Our Commercial Team

Gordons Partnership, clarity and confidence in legal advice, from people you can trust.

If you’d like to talk about how we can support your business, contact our Commercial Law team.

Call us on 01483 451900
