MacRoberts is now Morton Fraser MacRoberts. As we embark on this exciting journey, rest assured that we will continue to provide the same exceptional service to our loyal clients. Find out more

A Guide to Doing Business in Scotland Data Protection & Consumer Law in Scotland

The Information Commissioner’s Office (ICO) is the regulator responsible for overseeing compliance with the data protection laws in the UK and has the power to issue fines up to the higher of £17.5 million or 4% of annual worldwide turnover for material breaches.

UK Data Protection Act 2018

The UK’s Data Protection Act 2018 (DPA) (which, for all intents and purposes, incorporates the General Data Protection Regulation (GDPR)) governs the collection, use, storage and disposal of personal data throughout the UK.

The DPA provides individuals with significant rights to control their personal data. As a general rule, individuals must be provided with specific information at the time of their personal data being collected. When organisations enter into contracts with other organisations to process personal information on their behalf, the contracts must satisfy minimum requirements. Data breach reporting has become mandatory in certain cases.

The DPA introduced new arrangements for the processing of personal data by the police, prosecutors and other criminal justice agencies for law enforcement purposes and also for national security purposes. The DPA also ensures that sensitive health, social care and education data can continue to be processed provided certain conditions are met.

EU General Data Protection Regulation (GDPR)

If your organisation is a UK-based controller or processor with no offices, branches or other establishments in the European Economic Area (EEA) but which offers goods or services to individuals in the EEA or monitors the behaviour of individuals in the EEA, it will need to comply with the EU GDPR.

Your organisation may also need to appoint a representative in the EEA to represent it regarding its obligations under the EU GDPR. 

Consumer law

Under UK law, consumers have greater legal protection when contracting with businesses. For that reason, it is important for businesses to ensure that they are aware of the protections available to consumers and that their customer terms and conditions comply with applicable requirements.

A consumer is typically seen as an individual acting for purposes which are wholly or mainly outside that individual’s trade, business, craft or profession.

Scottish consumer law – 10 things to remember

  1. Contracts should be written in plain and intelligible language.
  2. Unfair contract terms are generally unenforceable.
  3. Unfair commercial practices (including their promotion) and misleading actions and omissions are not allowed.
  4. Liability cannot be limited or excluded for death or personal injury caused by negligence.
  5. Consumers have different statutory rights and remedies depending on whether the contract is concluded on the premises of the business, at a distance or off-premises. How a contract is concluded will also determine what prior information a customer should be given and in what form.
  6. Where contracts are concluded online or off-premises, consumers have a cooling-off period in which they can change their mind and cancel their order.
  7. Any contract term which has the effect of depriving a consumer of his statutory or common law rights and remedies for goods or digital content is void.
  8. Advertising must be legal, decent, honest and truthful. The Advertising Standards Authority oversees advertising codes.
  9. Manufacturers are strictly liable for defective products which cause harm or injury.
  10. Different rules apply to contracts for consumer credit and contracts for financial services.

Our Awards & Accreditations

  • In 2016, we were one of the first law firms in Scotland to become accredited Living Wage employers.

  • Shortlisted for Firm of the Year at the Scottish Legal Awards 2022.

  • Winners of Corporate & Commercial Team of the Year and Family Law Team of the Year at the Scottish Legal Awards 2020.

  • Our Real Estate team won the Property Team of the Year Award at the British Legal Awards in 2018.

  • Winner of SME of the Year at the Scottish SME Awards 2017, hosted by Scottish Business Insider.

  • Highly Commended for Commercial Team of the Year at the British Legal Awards 2016.

  • In 2019, MacRoberts achieved Cyber Essentials Plus certification, a UK Government entry-level information security standard.

  • MacRoberts holds the ISO 9001:2015 certification for Quality Management, the most widely recognised quality management system standard in the world.

  • Iso 14001 2015 Environmental Management

    MacRoberts holds the ISO14001:2015 certification for Environmental Management, demonstrating our ongoing commitment to environmental awareness.

  • MacRoberts holds the ISO27001:2013 certification for Information Security, an internationally recognised security gold standard.

  • Business continuity is a critical element of the Business Management System at MacRoberts and we hold full accreditation with the ISO 22301:2019.

  • MacRoberts is a member of IP Inclusive, a network of intellectual property professionals working to make our community more equal, diverse and inclusive.

  • We are active members of the PRIME Programme – an organisation that focuses on ensuring a career in law is open to talent from all economic and social backgrounds.

  • MacRoberts supports the Scottish Business Pledge, a values-led partnership between Government and business that is based on boosting productivity and competitiveness through fairness, equality and sustainable employment.

  • We are supporters of the Partnership for Change, a network of organisations and individuals who share a common ambition to improve diversity on boards and in senior leadership.

  • We are a member of the Employers Network for Equality & Inclusion (ENEI), a UK-based not-for-profit organisation which helps employers build and maintain diverse teams and inclusive cultures through our membership, training, and consultancy services.

  • MacRoberts was awarded enei's Silver TIDEMark for 2023. TIDE is enei's self-assessment evaluation and benchmarking tool which measures an organisation's overall approach and progress on diversity and inclusion.

  • MacRoberts is a Disability Confident employer, and are committed to disability equality across our firm.

  • MacRoberts fully supports flexible working practices and supports family-friendly working practices.

  • In 2022, MacRoberts received a Bronze Award in Stonewall's Workplace Equality Index for our commitment to LGBTQI+ inclusivity in the workplace.

  • MacRoberts is a longstanding member of Scotland Food & Drink, the leading trade association for Scotland's food and drink industry.

  • MacRoberts is an Associate Member of SELECT, Scotland's largest construction trade association.

MFMac: Morton Fraser MacRoberts
MacRoberts and Morton Fraser have now merged.

You can still contact us as usual, or find out more about Morton Fraser MacRoberts at