Shoredons & Co Legal

Our services —

Data Protection (UK GDPR)

Finding data protection scary? Try paying the fines.

What Is The UK GDPR?

The UK GDPR stands for the UK General Data Protection Regulation. It’s a piece of law that governs the way in which businesses can collect and use personal data. 

Failing to comply with the UK GDPR can lead to fines of up to £17.5m or 4% of global turnover (whichever is greater).

If you’re not sure whether your business is compliant with the UK GDPR, it probably isn’t. If that’s the case, your business may be investigated by the Information Commissioner’s Office (the ICO), and fined.

Complying with the UK GDPR is complicated – but it’s essential to operate properly. There’s no ‘one-size-fits-all’ approach to compliance. Instead, you’ll need to look at the data your business collects, and adopt processes, policies and security appropriate to the risks creates.

That’s where we come in. 

We offer a range of data protection services, from ad-hoc advice to full compliance packages.  

We’ll assess your business independently, and we’ll explain exactly what you need to do to comply with the UK GDPR. 

Remember – there’s more to compliance that simply uploading a Privacy Policy to your website. You’ll need a whole host of documentation.

We have extensive experience in helping businesses like yours tacklyethe UK GDPR. We’ll provide the exact documentation you’ll need.

Our Data Protection Services

We provide a whole range of data protection services, but here are just a few of the ways in which we can help:

UK GDPR Audits

Most businesses that come to us for help with UK GDPR are confused. They often have some basic documentation in place, but not much more. That’s usually not enough.

To address this, we offer cost-effective UK GDPR audits, enabling us to dig into the detail of the data being collected, and understand any gaps in compliance. We’ll then issue a list of recommendations that need to be implemented to reach that level of compliance you’re looking for.  

We’ll also implement those recommendations for you if needed. We’re here to help as best we can.

Our UK GDPR audits start from as little as £600 + VAT. If you’d like to discuss whether your business is compliant with the UK GDPR, get in touch. 

Data Controller /
Data Processor

Most businesses act as data controllers, but many also act as data processors. Data controllers and data processors have different obligations under the UK GDPR, with data controllers assuming the highest level of responsibilities. With that in mind, it’s important you understand which of those categories your business falls into.

We advise clients regularly on whether they’re acting as data controllers or data processors. We also outline their obligations when taking on those roles.

If you’re unsure, get in touch. 

Privacy Notices and
Privacy Policies

Whenever your business collects personal data, you’re required to provide certain information to any individuals that personal data relates to. This is often referred to as a privacy notice or a privacy policy.

Those documents need to include certain information to comply with the UK GDPR – including (i) details of the specific types of personal data you’re collecting, (ii) the reasons and purposes for collecting it, (iii) your lawful grounds for processing it, and (iv) who you’ll share it with.

All businesses collect and use personal data in different ways, so your documentation will need to be tailored to your business. 

If you need a privacy policy for your business, get in touch.  

Other Policies and

All businesses must have policies and procedures in place to ensure their staff process personal data in accordance with the UK GDPR. The length and content of those policies and procedures will vary from business to business.

If you need help, get in touch. We’ll look at the policies and procedures you currently have in place (if any), and we’ll provide you with the documentation you need to address any gaps. 

Risk Assessments

The UK GDPR requires all businesses to carry out data protection impact assessments (DPIAs) in certain circumstances – for example, when transferring personal data outside of the UK, or when adopting new technology. These assessments can be confusing, but they’re essential for UK GDPR compliance.

If you need to carry out a data protection impact assessment, or if you’re not sure whether you do, get in touch.

Personal Data

If your business has suffered a data breach, you have a major issue to deal with. You need to act immediately to demonstrate to the regulators that you’re taking any steps necessary to mitigate risk.

If you’ve suffered a data breach, get in touch. We’ll act quickly, and we’ll provide the guidance and support you need to help address the issue as quickly and efficiently as possible.  


Data protection training is a big part of compliance. Not only is it a legal requirement, but it’s also essential in ensuring your staff have the internal knowledge to comply.  

If you’re looking for training on the UK GDPR, get in touch. We provide a range of options. Whether you’re looking for a quick 1 hour online session, or a more hands on in-person event, we can help. 

We’ll tailor your sessions to your business, and we’ll deliver it on a date, and at a time, that suits you and your team. We’ll also include some time for Q&As, providing you with a great opportunity to speak with one of our a specialist solicitors.