top of page
Data Protection and Privacy

Data Protection and Privacy

A complete suite of Data Protection and Privacy Law Solutions from undertaking high level audits, reviewing policies and documentation through to advising on Information Commissioner investigations.

A week does not go by without news of a Data Protection breach where personal data has been compromised because the organisation failed to take simple steps to comply with the law.​


At Information Law Solutions, we keep you out of the headlines and put you firmly on the road to compliance by delivering Data Protection and Privacy solutions bespoke to your needs.

We first understand how data is used and flows within your organisation so that we can develop policies, procedures and an accountability framework for your organisation.


We provide solutions that allow your organisation to use personal data how you want and maximise its value, while ensuring compliance with legal and best practice requirements.

How we deliver solutions is decided by you, our client.  You are free to pick and choose from the list below on an ad hoc, regular or an emergency response basis.  We deliver what you need, how you need it and when you need it.


We provide a healthcheck to let you know how your organisation is doing.  This can be a quick high level check or a full compliance audit (either desktop or on-site) of your data systems, policies and procedures, websites, CCTV systems with a data security check to help identify what you need as a matter of priority from the following list.  In full compliance audits, we prepare a detailed audit report with a jargon-free executive summary of key findings and action points to feed into your compliance programmes.


Here are some examples of the types of Data Protection and Privacy Law Solutions that we offer:


  • Practical application of Data Protection legislation to your organisation

  • Policy review and developing compliant standard form documentation, including employment contracts, application forms, Data Protection statements and policies and website documentation

  • Developing Data Protection compliance strategies, disaster recovery and business continuity plans

  • Exercise of data subjects’ rights, including helping clear subject access request backlogs, reviewing personal data your organisation holds and preparing and issuing responses to requests

  • Reviewing and preparing data sharing protocols

  • Transfers of personal data outside the EU, including to Privacy Shield certified US-based recipients

  • Data processing arrangements, including outsourcing marketing, human resources, cash room and IT functions

  • Data security and management of data security breach incidents

  • Interface between Data Protection and employment, including employee monitoring, handling employment records, TUPE transfers, managing sickness and health records and remote working

  • New and emergent technologies, including mobile apps, wearable technologies, drones, CCTV, BYOD, cloud computing, social media, telecare solutions and undertaking privacy impact assessments of new systems and services at the design, beta testing and deployment stages

  • Handling and responding to complaints made against your organisation

  • Preparing your organisation and staff for Information Commissioner investigations by conducting mock audits, on-site inspections and interviews

  • Information Commissioner investigations, including making written submissions to the Information Commissioner, liaising with the Information Commissioner and implementing action points arising from Information Commissioner enforcement action and monetary penalty notices


We offer a Helpline service for emergency and “colleague down the corridor” enquiries, designed to provide quick answers to “what do we do now” and “can we do this” type questions.  The service is similar to having an in-house Virtual Data Protection Officer on standby on a day-to-day basis without the associated expense and administrative burden – ideal for small and medium-sized organisations.  We assume day-to-day responsibility for Data Protection compliance in the client organisation and provide a supplementary professional expert resource to existing in-house resources.  Engagement can be as short or long term as desired and the role of the Virtual Data Protection Officer can be as light touch or hands on, as required and in accordance with the needs and culture of your organisation.

bottom of page