GDPR Compliance

Why should we care about GDPR compliance?

Protect your profits: We have all heard about the potential (eye-watering) fines for non-compliance with data protection laws – up to 4% of a business’s worldwide turnover or €20m, whichever is the higher.

Protect your reputation: More importantly, we have seen the negative press coverage when organisations get it wrong, which can be very damaging to an organisation’s reputation and goodwill (British Airways and Marriott International come to mind!).

Compliance is a sell: Good data governance is increasingly becoming a requirement for ITTs, and compliance is an easy sell to potential customers. 


12 steps to GDPR compliance

The handy 12-step checklist from the Information Commissioner’s Office (ICO) highlights and codifies the essential steps for businesses to take in order to ensure compliance with the GDPR.


How can we help?

Our specialist team of solicitors can help organisations – both controllers and processors – to ensure full compliance with data protection law, and can do so in a number of ways to suit your business’s needs, such as:


Auditing and Data Mapping

To work towards compliance, you need to know where you currently stand. We can perform a data protection audit to identify any compliance gaps in your processes and recommend compliance solutions using a ‘traffic light’ coded action plan.

As part of this process, we help clients to ‘map out’ their data flows, which form the basis of an organisation’s record of processing activities. This means that, through the process we undertake, you are already on your way towards meeting compliance requirements.

Training and Workshops

Key to compliance is awareness.

We can provide online training for employees and managers on a subscription basis, which is a really useful tool for reaching large audiences quickly at a time and place that is convenient to them.

We can also provide interactive face-to-face training (on- or off-site) to allow staff to ask questions and work through practical examples. This training can be a general overview of data protection, or we can provide specific tailored workshops for your market sector and on key issues such as responding to subject access requests, dealing with personal data breaches, drafting GDPR-compliant contracts, fundraising and direct marketing.

Template and Tailored Documents

We have a number of template guidance tools, policies, procedures and contracts that we can offer and tailor to your organisation’s functions, including:

  • Legal basis flowcharts
  • Privacy notice checklists and privacy notices
  • Direct marketing/fundraising flowcharts
  • DPO advice note and questionnaire
  • Template Data Protection Impact Assessment (DPIA)
  • Data protection policy and privacy standard
  • Personal data breach policy and procedure documentation
  • Procedure for data subjects’ rights
  • Guidance tools for determining roles of parties
  • Data processor GDPR checklist
  • Contracts
  • Consent

Tailored Advice and Assistance

We can also provide advice and assistance on all matters related to data protection and privacy. We have assisted a number of clients in various sectors with tailored advice on many practical areas, including:

  • Subject access requests
  • Personal data breaches
  • Direct marketing
  • Monitoring and tracking employees
  • Internal transfers
  • Data sharing arrangements
  • International transfers

International Transfers

We can assist on all matters relating to international transfers, whether this is within a group structure or simply as part of an ongoing business relationship.

We can assist you in ensuring that your international transfers are carried out in a lawful way, whether that be advising on Standard Contractual Clauses or how to join the EU-US Privacy Shield. Or, should your business require guidance on particular jurisdictions, we can assist you in getting that guidance through our vast network of global data protection experts.

  • "They are responsive and efficient, and there is a good depth of knowledge within the firm."

    Chambers UK Guide to the Legal Profession
  • MacRoberts LLP’s ‘excellent’ team is noted for its ‘quick turnaround time’ and ability to ‘deal with complex issues in an efficient manner’.

    Legal 500
  • "They are very good and very supportive - it feels like they are an extension of the business."

    Chambers UK Guide to the Legal Profession
  • "Let me thank you and your team for your time. Clearly, you present well, show mastery of your subject area and think on your feet."

    Major US Law Firm
  • "Their standards have been excellent - they are responsive and know the legal solutions but also the commercial considerations."

    Chambers UK Guide to the Legal Profession

GDPR & Cyber Security

Cyber security and key changes under the GDPR and UK Data Protection Act 2018 affect almost all businesses. Our online hub contains a wealth of information and insights on what your business should be doing to ensure full compliance with the law.
