Our specialist information law team provides cost-effective, novel solutions to our Charity & Social Enterprise clients on privacy, data protection, GDPR, data transfer challenges and data breaches.

Information law is a fast moving and complex legal landscape which calls for specialists not generalists.

Our Information law team is led by a core of Information lawyers with specialist qualifications and long-standing expertise. The team has sector-specific experience and works alongside lawyers in the Charity & Social Enterprise team to deliver truly practical and cost-effective solutions to help you navigate the Information Law regulatory maze.

Our Information Law team provides legal advice, support and training (both face to face and online) through novel and flexibly priced options so our Charity and Social Enterprise clients can pick and choose a level of service that suits.

We provide full spectrum advice and support to charities, voluntary organisations and social enterprises, including:

Legal advice

On compliance with your obligations under data protection, GDPR, Privacy and Electronic Communications Regulations (PECR) and planning for the ePrivacy Regulation (set to replace PECR) and freedom of Information law.

Data breach management service

Including technical cyber breaches, reporting a breach, and what you need to do before a breach occurs.

Data protection audits and health checks and Data transfer audits.

The aim of the GDPR audit or health check is to determine and assess your organisation’s level of compliance. Our methodologies have been honed by our specialist lawyers to efficiently capture information about how your organisation handles personal data so that you get a picture of how compliant you are with law. We can advise on all stages of the transfer of data – from ensuring that the appropriate consents / notices are in place to drafting agreements that may be necessary in specific circumstances.

Outsourcing of data processing and Data Sharing Agreements.

We can advise on, and draft data protection contract clauses and data processor agreements. For independent controller to independent controller sharing or joint controller arrangements.

Drafting bespoke data protection policies

Agile/remote working policies, privacy notices and consent mechanisms.

Direct marketing

Including fundraising campaigns, profiling, data cleansing and data enrichment

Website Compliance 

Including cookies, privacy, and sharing policies.

Data Subject Access Requests

This includes other legal rights under GDPR, requests under Freedom of Information Act and Environmental Information Regulations and Reuse of Public Sector Information Regulations.

Photographs, video, social networking, Artificial Intelligence (AI) and use of biometrics

Understand the dos and don’ts of CCTV, biometric data and data sharing.

Data Security

Data Protection Impact Assessments, pseudonymisation and anonymisation and data security measures

Staff Training and Serious Incident reporting

This training includes bespoke, standard, face to face and online training. We also provide truly bespoke online training to reflect your local policies and procedures. Please see our training in data protection and freedom of information page for more information. Advice on Serious Incident reporting to the Charity Commission in an Information Law context.

The law and practice referred to in this article or webinar has been paraphrased or summarised. It might not be up-to-date with changes in the law and we do not guarantee the accuracy of any information provided at the time of reading. It should not be construed or relied upon as legal advice in relation to a specific set of circumstances.