GWLG-RGB-Positive-logoGWLG-RGB-Reverse-logo
Who we are
What we do
Our people
Insights
Topics
  1. Gowling WLG
  2. > Services
  3. >
    Data Protection

Data Protection

Data protection - website - banner image

We ask the questions you didn't know to ask

Everything about personal data depends on context. Who, where, why and how it's controlled are all key questions which will shape how you navigate the regulatory framework.

We'll ask about your privacy controls so we can give advice that fits your business and goals. From helping you to learn the basics, to designing proportionate compliance processes and getting down in the detail for complex advice, our data protection lawyers will match their expertise to your needs.

Get more than 'tick-box' support

Compliance isn't a one-off issue. Regulatory demands to achieve compliance are constantly developing and changing. We'll help you navigate the Data Protection Act, GDPR, PECR, other relevant legislation and regulatory codes of practice and guidance to fit with the legal requirements, but also yours and your customers' needs and objectives.

Our team work day-in, day-out with clients to advise on ad hoc, business as usual issues, all the way through to major projects. Examples of our work include data mapping and data protection impact assessments for new projects; preparing policies, privacy notices and accountability documentation and responding to events like data subject access requests.

There for you when the worst happens

No business wants to experience a data breach. It's not just the potential regulatory penalties and reputational damage – it's your time and revenue. But even with every preventative measure in place, things can happen. In the event of a breach, we'll work alongside you to help you fulfil any reporting obligations, conduct investigations and take remedial action.

We're a data protection law firm that is an extension of your team in any scenario and here to support you, helping you prepare for a breach and then responding if it happens. Our legal expertise should be a given. We will prioritise building a partnership with you built on trust and knowing your business inside out.

Everything about personal data depends on context. Who, where, why and how it's controlled are all key questions which will shape how you navigate the regulatory framework.

We'll ask about your privacy controls so we can give advice that fits your business and goals. From helping you to learn the basics, to designing proportionate compliance processes and getting down in the detail for complex advice, our data protection lawyers will match their expertise to your needs.

Get more than 'tick-box' support

Compliance isn't a one-off issue. Regulatory demands to achieve compliance are constantly developing and changing. We'll help you navigate the Data Protection Act, GDPR, PECR, other relevant legislation and regulatory codes of practice and guidance to fit with the legal requirements, but also yours and your customers' needs and objectives.

Our team work day-in, day-out with clients to advise on ad hoc, business as usual issues, all the way through to major projects. Examples of our work include data mapping and data protection impact assessments for new projects; preparing policies, privacy notices and accountability documentation and responding to events like data subject access requests.

There for you when the worst happens

No business wants to experience a data breach. It's not just the potential regulatory penalties and reputational damage – it's your time and revenue. But even with every preventative measure in place, things can happen. In the event of a breach, we'll work alongside you to help you fulfil any reporting obligations, conduct investigations and take remedial action.

We're a data protection law firm that is an extension of your team in any scenario and here to support you, helping you prepare for a breach and then responding if it happens. Our legal expertise should be a given. We will prioritise building a partnership with you built on trust and knowing your business inside out.

Data compliance audits

We ask the questions you didn't know you needed to. This helps us spot potential risks and put everything in place to stay compliant with data privacy regulations. We review your current processing activity and procedures and make recommendations to remedy any compliance gaps in a proportionate manner.

Data subject access requests (DSARs)

Privacy notices and policies

Contract negotiations and data sharing agreements

International data transfers

Data protection impact assessments (DPIAs)

Breach response and preparation

Freedom of Information and Environmental Information Regulations

Data compliance audits

We ask the questions you didn't know you needed to. This helps us spot potential risks and put everything in place to stay compliant with data privacy regulations. We review your current processing activity and procedures and make recommendations to remedy any compliance gaps in a proportionate manner.

Data subject access requests (DSARs)

Requests for personal information or DSARs are common and can be difficult to handle. Our data protection lawyers can help guide you through the process. In partnership with leading IT services providers, you get a dedicated support team to help reduce time and costs with the right processes and training.

Privacy notices and policies

Getting privacy notices and policies right is critical to compliance, especially as privacy notices are public-facing documents and increasingly subject to regulatory scrutiny. We can help you draft these documents and keep them updated as rules or needs change.

Contract negotiations and data sharing agreements

When data needs to be shared between parties, the right agreements need to be in place to safeguard your business. Those agreements need to be tailored to the particular context and focus on the right risks. We draft and negotiate data processing agreements and data sharing agreements across a huge number of sectors and contexts.

International data transfers

Data is borderless and most businesses' supply chains will send personal data between jurisdictions at some point. Our team can advise on the safeguards you need to transfer data in a compliant manner.

Data protection impact assessments (DPIAs)

Understanding the impact of how you process data is the key to safeguarding it. We can help you conduct data protection impact assessments to identify, overcome and manage any potential risks within your business. DPIAs are increasingly key as evidence for regulators to demonstrate your accountability and risk management.

Breach response and preparation

The best way to handle a breach is to be prepared. We can assist you with incident response planning, staff training and reviewing policies and processes. In the event of a breach, our team are only a call away to support with analysis, forensics, reporting obligations, investigations, notifying insurers and remedial action.

Freedom of Information and Environmental Information Regulations

Whilst usually only public sector organisations are subject to Freedom of Information (FOI) and Environmental Information Regulations (EIR), if you supply to those organisations, you may need to present to your customer why information related to your business should benefit from an exemption from disclosure under these regulations. You will need to respond quickly, within the statutory period. We can identify any relevant exemption, gather evidence to support its application and present your position to your customer.

Awards & recognition

"They underpin compliance advice with sound common sense and practicality to help us find ways to achieve our goals."

Testimonial from the Legal 500 UK (2025)
Our team is regularly ranked highly for its work in the technology sector. Partner Jocelyn Paulley was named a 'Leading Partner' for IT and telecoms work in the West Midlands in The Legal 500 (2024). Partner Loretta Pugh was also recognised as a 'Next Generation Partner' for data protection, privacy and cyber security. The 2025 directory also noted, "Recent highlights for the practice have ranged from assisting with relevant elements of transactions, to advising on direct marketing issues, to handling breach-related disputes."

Client work

Data Protection - Client work - Leading manufacturer of building trade products

Leading manufacturer of building trade products

Leading manufacturer of building trade products

Advised on a complex DSAR submitted by a disgruntled employee, working within extremely tight deadlines and high volumes of documentation. Our team conducted comprehensive searches, ensured relevance and redaction and crafted a GDPR compliant response.
Data Protection - Client work - The Independent Office for Police Conduct

The Independent Office for Police Conduct

The Independent Office for Police Conduct

Advising and creating a data protection impact assessment for a new case management system that contained a huge quantity of special category data, including reviewing supplier GDPR questionnaires, negotiating data protection classes, structuring documentation and advising on specific issues.
Data Protection - Client work - Donna Ockenden Limited

Donna Ockenden Limited

Donna Ockenden Limited

Advising Donna Ockenden as Chair of the non-statutory inquiries into the maternity units at Shrewsbury and Telford and Nottingham University Hospital Trusts, including controller/processor analyses, information sharing agreements, retention, policy documentation drafting and privacy notices.
Data Protection - Client work - Pensions industry

Pensions industry

Pensions industry

Advising trustees of schemes on GDPR compliance implementations, creating policies, privacy notices, data processing clauses and data sharing agreements. We have also advised trustee clients on 'first of a kind' issues such as Pensions Dashboard implementations and cyber incident response plans.
Data Protection - Client work - Leading manufacturer of building trade products

Leading manufacturer of building trade products

Leading manufacturer of building trade products

Advised on a complex DSAR submitted by a disgruntled employee, working within extremely tight deadlines and high volumes of documentation. Our team conducted comprehensive searches, ensured relevance and redaction and crafted a GDPR compliant response.
Data Protection - Client work - The Independent Office for Police Conduct

The Independent Office for Police Conduct

The Independent Office for Police Conduct

Advising and creating a data protection impact assessment for a new case management system that contained a huge quantity of special category data, including reviewing supplier GDPR questionnaires, negotiating data protection classes, structuring documentation and advising on specific issues.
Data Protection - Client work - Donna Ockenden Limited

Donna Ockenden Limited

Donna Ockenden Limited

Advising Donna Ockenden as Chair of the non-statutory inquiries into the maternity units at Shrewsbury and Telford and Nottingham University Hospital Trusts, including controller/processor analyses, information sharing agreements, retention, policy documentation drafting and privacy notices.
Data Protection - Client work - Pensions industry

Pensions industry

Pensions industry

Advising trustees of schemes on GDPR compliance implementations, creating policies, privacy notices, data processing clauses and data sharing agreements. We have also advised trustee clients on 'first of a kind' issues such as Pensions Dashboard implementations and cyber incident response plans.
Data Protection - Client work - Leading manufacturer of building trade products

Leading manufacturer of building trade products

Leading manufacturer of building trade products

Advised on a complex DSAR submitted by a disgruntled employee, working within extremely tight deadlines and high volumes of documentation. Our team conducted comprehensive searches, ensured relevance and redaction and crafted a GDPR compliant response.
Data Protection - Client work - The Independent Office for Police Conduct

The Independent Office for Police Conduct

The Independent Office for Police Conduct

Advising and creating a data protection impact assessment for a new case management system that contained a huge quantity of special category data, including reviewing supplier GDPR questionnaires, negotiating data protection classes, structuring documentation and advising on specific issues.
Data Protection - Client work - Donna Ockenden Limited

Donna Ockenden Limited

Donna Ockenden Limited

Advising Donna Ockenden as Chair of the non-statutory inquiries into the maternity units at Shrewsbury and Telford and Nottingham University Hospital Trusts, including controller/processor analyses, information sharing agreements, retention, policy documentation drafting and privacy notices.
Data Protection - Client work - Pensions industry

Pensions industry

Pensions industry

Advising trustees of schemes on GDPR compliance implementations, creating policies, privacy notices, data processing clauses and data sharing agreements. We have also advised trustee clients on 'first of a kind' issues such as Pensions Dashboard implementations and cyber incident response plans.
Data Protection - Client work - Leading manufacturer of building trade products

Leading manufacturer of building trade products

Leading manufacturer of building trade products

Advised on a complex DSAR submitted by a disgruntled employee, working within extremely tight deadlines and high volumes of documentation. Our team conducted comprehensive searches, ensured relevance and redaction and crafted a GDPR compliant response.

Key contacts

Jocelyn Paulley

Jocelyn S Paulley

Partner

Co-leader of Retail & Leisure Sector (UK)
Co-leader of Data Protection and Cyber Security sector (UK)

Birmingham
Loretta Pugh

Loretta Pugh

Partner

Co-lead of Data Protection and Cyber Security (UK)

London
Amber Strickland

Amber Strickland

Principal Associate

Birmingham
Data protection - Services - in-page

Related services

Cyber Security and ResilienceCommercialDispute Resolution & LitigationGovernance, Risk and ComplianceInformation Technology LawTechnology Law

Related sectors

Tech

Subscribe for updates

Sign up to receive insights on the latest legal changes and developments

Subscribe

Stay connected

  • Email icon - White
  • LinkedIn logo - white
  • X Twitter logo - white
  • Facebook logo - white
  • YouTube logo white
  • Instagram logo - white
gowlingwlg

Gowling WLG is an international law firm comprising the members of Gowling WLG International Limited, an English Company Limited by Guarantee, and their respective affiliates. Each member and affiliate is an autonomous and independent entity. Gowling WLG International Limited promotes, facilitates and co-ordinates the activities of its members but does not itself provide services to clients. Our structure is explained in more detail on our Legal Information page.

PeopleSectorsServicesClient solutionsInsightsNewsClient work
TopicsEventsCareersWho we areGlobal reachCorporate responsibilityContact us

© 2025 Gowling WLG All rights reserved.

Legal information
Privacy statement
Accessibility
Terms of use
Cookies
Sitemap
Regulatory information
Modern slavery statement
UK pay report
Terms and conditions of purchase
UK tax strategy
How we use artificial intelligence (AI)
Fraud alert