Company Commercial Law

Data Protection & GDPR

Ensure compliance with the law relating to control and processing of data.
When entering into any commercial contract, businesses should ensure that the relevant data protection aspects are addressed.

Why seek legal advice

All businesses must deal with personal data in accordance with the law. When entering into any commercial contract, businesses should ensure that the relevant data protection aspects are addressed. The obligations of your business may differ depending on the circumstances of the data subject.

Our data protection experts can help.


  • Advice on contracts involving data sharing
  • Assistance with mitigating compliance issues
  • Advice on acquisition/use of data
  • Advice on data retention period
  • Advice on your rights to your data
  • Clarity on obligations of data controller
Data protection solicitor
Dispute resolution lawyer

Why choose HK Law?

The team at HK Law has considerable experience in dealing with data protection and compliance issues. We can advise businesses on the data protection issues arising from the processing of data by external IT providers.

Cross-border contracts present particular issues for businesses.  Outsourcing to data processors in various territories present different issues.

  • We make the technical issues understandable.
  • We address the contractual issues in a way that balances the needs of the business with the regulatory obligations of the parties.
  • We advise on the differences between UKGDPR and the data protection obligations of overseas data processors.
  • When buying and selling businesses and shares, any issues concerning the relevant data protection regimes are identified early to speed the due diligence process.
  • We advise businesses faced with subject access requests.
  • We frequently advise on how to deal with an unplanned disclosure of data.
Martin Varley HK Law

Your questions answered

Martin Varley – Partner, Corporate & Commercial Law Team
  • What sort of information is ‘data’ which is protected by law?
    Data is information that is stored in a way that it can be retrieved by the user. Data may be held in a system which is operated manually or electronically. Personal data is protected. “Personal data” is information which can be used to identify a living person. Where the identity of an individual is permanently removed, the data ceases to be personal data.
  • What is GDPR? Is it different from UKGDPR?
    UKGDPR is the UK version of the EU’s General Data Protection Regulations 2016. Since Brexit, UKGDPR has diverged from GDPR which applies in the rest of the European Union. For example, under UKGDPR, personal data cannot be exported out of the UK unless safeguards are in place. By contrast, GDPR allows data to be freely moved from one EU country to another.
  • What sort of personal data is protected?
    Personal data is any information which can be identified as relating to the data subject or which comments on them or their behaviour. So, for example, a postal or email address, date of birth, passport number, etc, or the transcript of a telephone conversation, are all personal date if they can be linked to a named individual.
  • What is pseudonymisation? How does that work?
    This is deleting the identity of an individual in the data. This can be replaced with, say, a number, so that the data subject cannot be identified. Only keep personal data when absolutely necessary. In some cases, it is possible to identify the data subject using information which ought to be kept separately.
  • What is a subject access request (SAR) and how is a SAR made?
    A SAR is a request made by or on behalf of an individual for information about which they are entitled to ask. A SAR does not have to be in writing. It can be in any form. The Information Commissioner’s Office (ICO) suggests that a post on social media might be a credible SAR. A SAR must be responded to as soon as practicable and within one month, unless the request is complex.
  • What rights does a data subject have?
    In relation to their personal data, every individual has rights: * to be informed about its use; * of access; * to rectification; * to erasure or to restrict processing; and * not to be subject to automated decision-making. This is a complicated area. There are often claims concerning the lawfulness of retention and processing of data. We can provide advice to help you avoid breaches.
  • What is a data breach and what does one do about it?
    A data breach is the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. If the breach is likely to adversely affect a data subject’s rights and freedoms, the subject must be informed without undue delay. The breach must also be reported to the ICO within 72 hours. We are often the first call the client makes in such circumstances.
  • How would I know that a breach has taken place?
    All employees should be aware of, and be ready to trigger, systems and controls if a data breach occurs. Adopting a ‘no blame culture’ is key. Businesses should promote a willingness to self-report seemingly trivial incidents to build confidence in those systems and controls. We can help you formulate a plan ready for implementation in case a data breach occurs.

By Darren Francis, Associate Solicitor

Find a Company Commercial Law expert in your area

HK Law Blandford office


The newest of the HK Law offices and proud to service the people and businesses of Blandford and the surrounding area.

HK Law Bournemouth office


Our Bournemouth Solicitors, based at our office in Southbourne, are here to support you with all the personal and business legal needs.

Somerset Solicitors


HK Law’s history in Crewkerne dates back to 1749, making it the longest standing solicitors firm in the country.

HK Law Blandford office


With offices at 40 High West Street and 1 Colliton Walk, our expert team provides a comprehensive range of legal services to the people of Dorchester and surrounding areas.

HK Law Parkstone office


Our Parkstone solicitors, based in the heart of Ashley Cross, are here to offer you expert local legal advice.

Poole Solicitors


Our HK Law team in Poole assist local clients with their legal requirements.  Local to you, we are always on-hand to meet up whenever it suits you.

HK Law Swanage office


HK Law have held a strong presence in Swanage for generations. When it comes to client care, we pride ourselves on a modern approach backed up by traditional values.

HK Law Wareham office


Wareham is the office from which HK evolved. Today our Wareham office prides itself on offering the town a full range of legal services whilst keeping things simple and personal.

Our Data Protection & GDPR team

Associate FCILEX

Managing Partner

Chartered Legal Executive

Private Client Executive


Conveyancing Executive



Associate Solicitor