Practical legal advice in plain English to help you protect data, earn trust, and stay compliant
Data is one of your most valuable business assets, but it’s often tightly regulated. From customer details to employee records and marketing databases, how you collect, use and store personal data matters to your employees and customers.
We help businesses of all sizes to comply with UK GDPR, the Data Protection Act 2018, PECR, and other privacy laws. Our approach to data protection is practical, proportionate, and tailored to for your day-to-day operations.
For exporters and multinational businesses, we provide global coverage as a founding member Privacy Rules, a network of legal, cybersecurity and communications experts.
Whether you’re reviewing privacy notices, dealing with a subject access request, or responding to a breach, we’re here to guide you in plain English. We’ll help you understand your obligations and risks and give you the tools to handle personal data confidently and responsibly.
We also work with clients on international data transfers, data sharing agreements, data protection impact assessments (DPIA) and training, offering a full, end-to-end service that reflects how you actually use data in your business.
Data protection is more than a box-ticking exercise. It’s part of how your business builds confidence, delivers services and stays competitive.
Specialising in Data Protection & Privacy Law law
Data protection programme development
We help you put robust systems in place to manage personal data with confidence. This could include personal data audits, mapping how data flows through your organisation, identifying compliance gaps and reviewing third-party suppliers. The result? A tailored compliance plan that supports your daily operations.
Direct marketing compliance
Your marketing strategy should build trust, not risk. We help you to
ensure your campaigns comply with the UK GDPR and PECR, covering consent for cookies and direct marketing, contact lists, and opt-out options. so you can connect with your audience without crossing legal lines or damaging your reputation.
Outsourced DPO service
If your business needs a data protection officer but doesn’t have the resources to appoint one in-house, we can help, in close cooperation with CSS Assure, part of the Ampa Group. CSS Assure can provide your DPO on a flexible basis, with ongoing support, guidance and regulatory oversight tailored to your needs.
Data incident and breach preparedness
When a data breach happens, timing and advice are everything. We help you act fast, to manage legal risk and protect your reputation. Our solicitor-led breach response service is designed to give you the advice you need at a most challenging, with the benefit of legal advice privilege when possible.
Privacy notices and internal policies
We draft clear, accurate privacy notices and internal policies in plain English, without legalese. You get practical, reader-friendly documents to provide transparency to your customers and staff about how you use and protect their information.
Data subject rights (DSARs) and erasure
Handling data subject access or erasure requests can be time-consuming. They always pose a risk of complaints, especially if not managed properly. We guide you through DSAR and the “right to be forgotten”. Where needed, we can also provide cost-effective and scalable document review and redaction.
International data transfers
Transferring personal data across borders can require additional safeguards, depending on the destination. We help you with Transfer Risk Assessments and choosing suitable transfer mechanism under the applicable law, such as International Data Transfer Agreements or standard contractual clauses. Speak to us about how to keep data flowing legally and securely, wherever your business operates.
Regulatory investigations and enforcement
Investigations by the ICO or another data regulator can be stressful. We can support you at every step of these unfamiliar processes. From responding to initial enquiries to managing enforcement action or appeals, we’ll help protect your position and manage your potential exposure.
Why choose Shakespeare Martineau?
- Our team offer prompt and professional service, whether through in-person meetings or virtual consultations, you can trust that our advice will be timely and professional, helping you feel confident in your legal matters, every step of the way
- We provide advice that is not only pragmatic and quick but also easy to understand. Every lawyer in our firm is approachable, helpful, and committed to offering reliable legal solutions, making the process straightforward for clients
- Our clear and easily understandable approach has kept clients coming back for years, knowing they can depend on us for comprehensive legal support time and time again
- Our clients regularly highlight the exceptional expertise and professionalism of our lawyers. Our team cares deeply about every aspect of your case, ensuring you receive a thorough and attentive service
Straight-talking, practical advice that works in the real world
We don’t overcomplicate things. Our data protection experts give you clear, actionable guidance that fits how your business actually operates, so you can stay compliant without slowing down.
Full support from day-to-day compliance to data breach response
Whether you need help responding to a DSAR, reviewing your privacy notices, or dealing with a serious personal data breach, we’re by your side offering fast, effective support whenever and however you need it.
Legal advice with added technical and cyber insight
As CSS Assure is part of our group, we offer more than just legal advice. We bring cyber resilience, risk assessments and breach preparedness together under one roof, giving you stronger, smarter protection.
Outsourced DPO and scalable solutions for growing businesses
Do you need a data protection officer but not a full-time hire? Outsourced DPO services, backed by our specialist data protection solicitors, provide a flexible solution. DPO as a service offers scalable support for data protection programme development, training, audits and ongoing compliance monitoring, all tailored to your size, risk profile and budget.
Meet our Data Protection & Privacy Law team
Andrew Whitehead
Partner & Head of Energy
Carys Thompson
Partner & Head of Sheffield
Nicholas Briggs
Partner & Head of Intellectual Property
Selina Hinchliffe
Partner & Head of Commercial Services
Ed Wright
Partner
Kerry Russell
Partner
Mark Bartholomew
Partner
Mark Thompson
Partner
Martyn Thorpe
Partner
Mauro Paiano
Partner
Sushma Maharaj
Partner
Trevor Fenton
Partner
Bhikhu Samat
Legal Director
Daniel Kelly
Legal Director
Stewart Argo
Legal Director
Building a responsible business
Our commitment to sustainability and social impact
We are an accredited B Corporation that is committed to driving positive change in our communities, minimising our impact on the environment, and ensuring an all inclusive diverse and supportive culture for our people.
Wherever you are on your journey, our Data Protection & Privacy Law specialists are here to answer any questions you might have
If you’d like to speak to a member of our team, please fill out the enquiry form. We will aim to reply to your query within 2 hours
Need to talk to someone sooner? You can call use at the number below
Call Us: 0330 024 0333
Data Protection & Privacy Law FAQs
If your business offers goods or services to people in the UK or monitors their behaviour (e.g. through website tracking), you must comply with UK GDPR. We can help assess your obligations and put the right safeguards in place, even if you’re based overseas.
You must respond within one month, providing a copy of the individual’s personal data and explaining how it’s used. However, it can get complicated. Your response cannot infringe the data protection rights of others. We advise clients on every step, from identifying personal data that’s in scope to reviewing documents at scale and redacting third-party data from your responses.
