Data protection compliance service

Great team with deep knowledge and experience of this legal area.

The Legal 500
Data Protection

We are pleased to offer our data protection compliance service, a packaged, end-to-end legal service, designed to enable businesses to achieve UK GDPR compliance.


Since Brexit, businesses and other organisations that collect and use personal data in the UK need to comply with the UK General Data Protection Regulation (UK GDPR), plus the Data Protection Act 2018.

The UK GDPR broadly mirrors the EU GDPR. and sets out what organisations must do when collecting, storing, and using personal data. It applies not only to organisations based in the UK but also organisations in other countries if they offer goods or services to individuals located in the UK or monitor UK residents’ behaviour. In addition, if such organisations do not have a business presence in the UK, they will need to appoint a representative here to deal with any queries relating to data breaches or subject access requests.

The EU GDPR continues to apply to UK (and other) organisations that have an establishment in the EU, offer goods or services to individuals located in the EU or monitor EU residents’ behaviour. Such organisations need to comply with both the UK GDPR and the EU GDPR. If they do not have a business presence in the EU, they will need to appoint a representative in the EU to deal with any queries from individuals there.

What it means

Like the EU GDPR, the requirements of the UK GDPR are far-reaching. There is an emphasis on transparency and security when processing personal data, as well as individuals’ rights and mandatory notification requirements for certain data breaches. The obligation to be accountable requires organisations to put in place comprehensive policies and practices, as well as having organised record keeping. Key obligations such as ‘the right to be forgotten’ and ‘privacy by design’ impact upon how businesses interact with their customers.

Non-compliance presents not only reputational but also financial risk. Breaches are punishable by very significant fines of up to £17.5 million or 4% of global annual turnover, whichever is higher.

The solution: data protection compliance service

Our data protection compliance service is delivered in two key phases and has been developed by us in response to demand from clients who need a fast and cost-effective solution to data protection compliance.

Phase one: discovery

  • We agree a fixed price with you for the discovery phase.
  • Completion of a detailed questionnaire which covers your data processing activities as well as collation of your key legal documents.
  • Follow up consultation – to discuss key issues and explore in more detail.
  • Report – a follow up analysis report is created, in a simple red / amber / green format which outlines key gaps and covers both essential and recommended remediation.

Phase two: remediation

  • We agree a fixed price with you for the discovery phase.
  • Our remediation activities typically cover four key areas – these will be dependent on the findings from phase one:
    • strategy and governance
    • collection and consent
    • sharing and third parties
    • management, employees and data breaches.


Download our brochure for further detailed information:

Related expertise

Penningtons Manches Cooper LLP

Penningtons Manches Cooper LLP is a limited liability partnership registered in England and Wales with registered number OC311575 and is authorised and regulated by the Solicitors Regulation Authority under number 419867.

Penningtons Manches Cooper LLP