"What do data protection lawyers do?"

Key Facts

Data Protection Lawyers are specialist commercial lawyers

Data protection exists to control how your personal information is used by organisations and the government

This area of law became extremely prominent in 2018 as a result of the anticipation and introduction of the General Data Protection Regulations ("GDPR") which became applicable in EU member states on 25 May 2018

GDPR reaffirms and enhances the rights of citizens and consumers to access their data electronically, have it corrected or deleted and to scrutinise data processing.


The penalties for non-compliance also increased drastically as a result of GDPR:

  • maximum fine is EURO 20 million (roughly £18 million) or 4% of the annual global turnover of the organisation - whichever is greater!

Not all GDPR breaches lead to fines though. The ICO (Information Commissioner's Office) which is the supervisory authority of data protection in the UK, can take other actions for breaches such as:

  • issuing warnings and reprimands 

  • imposing a temporary or permanent ban on data processing

  • ordering the rectification, restriction or erasure of data

  • suspending data transfers to third parties 

What's the law?


Anyone that uses personal data has to follow the 7  'data protection principles':

1. Lawfulness, fairness and transparency 

2. Purpose limitation

3. Data minimisation

4. Accuracy 

5. Storage limitation

6. Integrity and confidentiality (security) 

7. Accountability 

The above 7 principles lie at the heart of how personal data should be processed. 

There is stronger legal protection for more sensitive information such as:

  • ethnicity

  • political opinions 

  • religious beliefs 

  • trade union memberships

  • genetics

  • biometrics 

  • health

  • sex life or orientation. 

Your rights 

Under the Data Protection Act 2018, you have the right to:

  • be informed about how your data is being used

  • access personal data

  • have incorrect data updated

  • have data erased

  • stop or restrict the processing of your data

  • data portability 

  • object to how your data 

What do data protection lawyers do?

Data protection lawyers will help clients in the following ways:

  • advise on GDPR compliance by reviewing existing contracts and data processes used by the organisation

  • prepare data protection impact assessments, privacy impact assessments, data protection policies and data processing agreements 

  • implement and advise on data breach procedures 

  • advise on issues relating to data protection and privacy in respect of reputation management of an organisation 

  • assist and provide support to organisations when they receive subject access requests (this is when an individual has requested to see all the personal data held by that organisation about them - time consuming task with a deadline!)

  • advise on complaints and enforcement issues 

  • advise on the implications of data protection on direct marketing and compliance with privacy regulation 

  • supporting clients with claims in court in relation to data protection, data theft and privacy issues and investigations by the ICO