Data Protection Services

Data protection
laws are changing
Don't risk the fines.

If your business does not comply with the UK GDPR, it could face fines of up to £17.5m or 4% of annual global turnover (whichever is higher). These fines can cripple businesses.

If you are like many business owners, and you’re unsure as to whether your business is compliant with the UK GDPR, we can help.

Our data protection lawyers have extensive experience in helping clients like you, implement policies, procedures, and documentation, to comply with the UK GDPR.

Complying with data protection laws is complicated. Like we do with other clients, we’ll put our expert knowledge and skills to work, to ensure you’re compliant, shielding you from the fines.

Speak with one of our data protection solicitors today by calling 0203 7292 388 to book a free consultation or schedule a free online consultation now.

What Is The UK General Data Protection Regulation (UK GDPR)?

The UK GDPR is a regulation governing how businesses may collect and use personal data. If you’ve not addressed the UK GDPR within your business, it’s highly likely it won’t be compliant.

If that’s the case, your business may be investigated or fined.

Personal data is defined as any information that relates to an identifiable individual. According to the UK GDPR and the Data Protection Act 2018, protecting that personal data is essential to running a lawful, compliant, and ethical business.

We make a big difference to our clients' businesses. Don't take our word for it.


The UK GDPR includes seven essential principles:

  • Lawfulness,fairness, and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

It also places a whole range of other obligations that businesses need to comply with. 

Unfortunately, there’s no ‘one-size-fits-all’ approach to data protection. Instead, each business needs to consider its own processes, and implement unique processes, procedures and documentation, based on how it collects and uses personal data.

At Shoredons & Co Legal, we review each case separately. We advise our clients on exactly what they need to do, to comply with the UK GDPR. We’ll also help them implement policies, procedures, and other documentation, to reach the level of compliance they’re looking for. 

Our Data Protection Services

We offer legal advice and guidance on a range of UK GDPR issues related to your business practices. The following are just a few of the many data protection issues we regularly handle for our clients.

UK GDPR Audits

Understanding the obligations placed on your business under data protection laws is essential for complying with the UK GDPR. At Shoredons & Co Legal, our data protection solicitors offer low-cost data protection audits, enabling us to understand your business and the personal data it collects. We then provide recommendations to you by email, on exactly what you need to do to comply with the UK GDPR. If you’d then like assistance implementing our recommendations, then we’re here to help.

The cost of our data protection audits starts from £450 + VAT.
Most businesses act as data controllers, but many also act as data processors. Data controllers and data processors have different obligations under the UK GDPR, with data controllers assuming the highest level of responsibilities. With that in mind, it’s important you understand which of those categories your business falls into.

We can advise you on whether your business is acting as a data controller or a data processor, along with the obligations you’ll need to comply with.

Data Controller /
Data Processor

Privacy Notices and
Privacy Policies

Whenever your business collects personal data from customers, clients, suppliers, staff, and any other third parties, you must provide certain information to them. For example, you’ll need to provide details of the types of personal data you’re collecting, the reasons and purposes for collecting it, your lawful grounds for processing it, and who you’ll share it with. This information is usually set out in a Privacy Notice or Privacy Policy.

We see many businesses downloading template Privacy Notices and Privacy Policies from the internet, and simply implementing them within their business. That creates risk, as all businesses process data differently – so what might be compliant for one business, might not be for another. 

Our data protection experts prepare fully-compliant and bespoke Privacy Notices and Privacy Policies, containing all of the necessary information required by the UK GDPR, and ensuring they accurately reflect your business processes.
The UK GDPR places an obligation on all businesses to have policies and procedures in place, to comply with the UK GDPR. The length and content of those policies and procedures vary across businesses. At Shoredons & Co Legal, we look at each client separately. We’ll review the policies and procedures you have in place (if any) to deal with data protection compliance, and we’ll report back to you with a list of documentation you’ll need to implement. We’ll then prepare that documentation for you if needed.

Other Policies and

Risk Assessments

The UK GDPR requires businesses to carry out risk assessments in various circumstances – for example, when transferring personal data outside of the UK, or when adopting new technology. These risk assessments can be confusing, but they’re essential for UK GDPR Compliance.

We can guide you through this process, and provide you with the documentation you need to ensure you’re complying with this requirement.

If your business has suffered a data breach, or if your personal data has been compromised, we can advise you about the best next steps. Navigating data breaches properly is essential to minimising the damage (from both a financial and a reputational perspective). At Shoredons & Co Legal, we’ve spent years advising on data protection laws, and we have the rare skills needed to provide sound advice on the handling of data breaches.

Personal Data


The UK GDPR places an obligation on all businesses, to ensure that staff receive sufficient data protection training. We can provide that training – ensuring you comply with the UK GDPR, but also ensuring you have the internal knowledge you need within your business to manage risk accordingly.