GDPR & Data Protection Law

Kingsley Napley’s GDPR and Data Protection team brings together extensive specialist experience advising individuals, businesses and public bodies on all types of data protection issues.


Data protection law is an issue that cannot be ignored, especially given the enhanced rights and obligations of the General Data Protection Regulation (GDPR). Our highly experienced data protection lawyers advise on a broad range of complex data protection issues. 

The significance of data protection law continues to grow and raises issues of fundamental importance to individuals, businesses and organisations. Kingsley Napley helps individuals and businesses negotiate this complicated area of law, ensuring personal data is protected and helping to manage the consequences when it is not.

Assisting you in complying with the new data protection law

Our specialist team can provide your organisation with properly targeted, well-rounded and expert legal advice so you can meet the expectations of the GDPR:

  • Reviewing your information handling policies, procedures and records to ensure that your organisation can demonstrate compliance with the GDPR.
  • Advising upon the lawful bases upon which your organisation processes data, including where individual consent is relied upon. 
  • Updating information processing notices to meet the new standards of transparency.
  • Revising contracts with all data processors to bring them in line with the new law.
  • Advising upon the legality of international transfers of personal data.
  • Dealing with the exercise of individual data rights including subject access, data porting, rectification and erasure.

Supporting you in the event of data breach

The financial and reputational damage caused by a data breach can have devastating consequences for businesses and organisations. Meanwhile, the breach of an individual’s information rights can have a significant impact upon their personal and professional lives.

Dealing with a data breach of any nature can carry significant risks, whether you are an individual or a business. We will work closely with you to understand the issue and what you hope to achieve, advising you of an appropriate approach and the likely outcomes.  

In the event your organisation is investigated by the Information Commissioner’s Office, our team can draw upon significant specialist regulatory and criminal experience to support your organisation through the enforcement process. We have expertise in data protection litigation, within both the civil and criminal courts.

Data Protection in Employment

We can assist with respect to the particular data protection issues which arise within the employment relationship. In addition to the services above, we can assist employers in bringing their practices in line with the GDPR by:

  • Helping you to carry out an employee data audit.
  • Revising your contracts of employment.
  • Reviewing your data protection policies applying to employees and their data, including monitoring, retention and deletion of employee data and data breach notification.
  • Reviewing existing recruitment processes.
  • Creating bespoke training for your employees to ensure that every individual understands their data protection responsibilities.
  • Assisting you in the event of receiving subject access requests in the context of employment disputes.
  • Advising you with respect to particular employment issues concerning the appointment of a data protection officer.


Corporate and Commercial Data Protection advice

  • Drafting privacy policies and cookies notices for websites.
  • Reviewing, negotiating and drafting data processing terms in commercial contracts, in particular those to which cloud service providers are a party.
  • Reviewing data protection provisions in commercial contracts as part of data protection audits.
  • Advising in respect of the data protection aspects of corporate transactions, including asset and share sales.
  • Advising in respect of the terms of EC Model Contract Clauses to govern international transfers of data. 


Our data protection team comprises individuals from a wide range of disciplines including public law, employment, corporate and commercial, criminal litigation, immigration, and regulatory, providing you with properly targeted, well-rounded and expert advice.

GDPR and Data Protection Insights



GDPR and Brexit: the draft withdrawal agreement and data transfers from the EU

Data Protection and the Law of Unintended Consequences…

Disclosure of Suspicious Activity Reports may not amount to Tipping-off, says High Court

Data Protection Act 2018 and law enforcement: an introduction

The Data Protection Act 2018: new criminal offences for data breaches

Data breach reporting – the only way is up

Joint data controllers – yet more data protection uncertainty

Some welcomed guidance for data controllers: Court of Appeal confirms the correct test to be applied when considering a SAR concerning mixed data

GDPR: The significance of the new principle of accountability

The ICO’s Regulatory Action Policy: What to expect in the new GDPR era

GDPR: A guide for therapists

UK-EU security cooperation post Brexit (Part II) - ringing the alarm bell!

UK-EU security cooperation after Brexit (Part I) - approaching the cliff edge

The Data Protection Bill - New Criminal Offences for Data Protection Breaches On Their Way to the Statute Book

Subject Access Requests under the GDPR: What employers need to know

Data protection: A new board room priority

GDPR & Brexit: Data transfers from the EU and the UK’s new status as a “third country”

The £17 million Question - What will the ICO’s enforcement powers be under the GDPR, and how will they be used?

Social Media Giants vs Children – the truth behind social media contracts

An introduction to contracts between data controllers and data processors under the General Data Protection Regulation

When is a data controller liable for the criminal acts of a rogue employee?

The real impact of the GDPR… new notification obligations

An introduction to Data Protection Officers under the GDPR: Should you appoint one?

The EU-US Privacy Shield – One Year On and Still Going Strong

Data Protection – can employers still monitor employees’ communications in light of Barbulescu v Romania?

Block chain: Is the GDPR out of date already?

Implications of GDPR and new Data Protection Bill for employers

Data Protection – 10 further top tips for responding to subject access requests

The Queen’s Speech 2017 – Setting the parliamentary agenda

More to do on cyber-security: half of UK businesses suffer cyber-security breach

Data Protection – even MORE practical guidance from recent case law on subject access requests

Further chinks in the armour? EU-US Privacy Shield and the concerns of MEPs

Patient confidentiality in the spotlight

The GDPR: What do employers need to be doing now?

Entrepreneurs and small businesses need to prepare now for the new data protection regime

The first challenges to the EU-US Privacy Shield

Data Protection Regulation blog series

Coming clean on data security breaches

Doctors’ privacy rights: GMC wrong to disclose information to patient

EU-US Privacy Shield

UK: ICO guidance confirms "GDPR firmly on Brexit agenda"

Thinking of taking your employer’s confidential information to a competitor? Think twice.

Further update: EU-US Privacy Shield

April Update: EU-US Privacy Shield

New Information Commissioner announced

March Update: EU-US Privacy Shield

Press stop on poor mobile working practices

Information Commissioner calls for stronger sentencing powers

"EU-US Privacy Shield” – a Safe Harbour mark II

EU Data Protection Regulation: Here at last…well, nearly!

A bitter pill: Hard lessons learnt by online pharmacy fined for selling customer data


Let us take it from here.

+44 (0)20 7814 1200
