News and Publications

Data protection FAQs

Posted: 17/09/2018

We are committed to treating your personal data properly and lawfully. These FAQs explain how we handle and protect the information you provide.

Why are you sending me this email?

The law on data protection changed this year when the General Data Protection Regulation (GDPR) was implemented. We want to make sure we are transparent and clear about how we look after your personal data.

Who has responsibility for data protection within the firm? 

We have appointed a Data Protection Officer (DPO) who can be contacted at:

Data Protection Officer | Matrix House | Basing View | Basingstoke | RG21 4DZ
T: +44 (0)1256 407100   | E:

Our DPO works with all departments at the firm and reports regularly to the firm’s management board. We reviewed and updated our systems, processes and policies ahead of the EU General Data Protection Regulation and the UK Data Protection Act 2018.

In addition, all our staff are encouraged to take personal responsibility for the information they manage.

How do you ensure staff deal with personal data appropriately?

We have updated our internal procedures and policies and reviewed our systems. We have invested in data protection training for all staff and partners of the firm, including staff of Intelligent Office who work closely with us in the provision of our services. All new staff joining us receive the same training. Data protection training has been added to our regular ongoing training schedule.

We have set up an ongoing audit process to ensure we continue to manage personal data appropriately. Our DPO and risk and compliance team provide data protection guidance internally, manage data protection elements of external contracts and work with our information security team to ensure we have appropriate technical and organisational measures to keep personal data safe.

We will only ever use your personal data to provide you with legal services or in the legitimate interests of the business. We will never sell your data to anybody else.

Does the firm have any kind of certification?

Penningtons Manches LLP is registered as a data controller with the Information Commissioner’s Office with registration number Z6414666. Our associated entities PennTrust and Penningtons Manches (US) LLP have separate registrations. Our DPO is a GASQ certified Data Protection Practitioner.

As a law firm, we are registered with the Solicitors Regulation Authority.

We also have external accreditations: Cyber Essentials Plus and PCI-DSS (payment card industry standard).

How do I find out more about how you use personal data or what my rights are?

Please see our privacy policy and if you have further questions, contact our DPO using the details above.

How will you tell us about changes to your privacy policy?

We will publish any changes to our privacy policy on our website.

Arrow GIFReturn to news headlines

Penningtons Manches Cooper LLP

Penningtons Manches Cooper LLP is a limited liability partnership registered in England and Wales with registered number OC311575 and is authorised and regulated by the Solicitors Regulation Authority under number 419867.

Penningtons Manches Cooper LLP