Data Protection & GDPR


It’s crucial that you can understand the complex rules around data protection to ensure your business continues to be compliant and that is exactly what our team focuses on: making the law understandable. Whether you are a small charity, a sole trader or a large multinational, protecting your clients’ and customers’ data as well as that of your staff matters.

Our dedicated team delivers scaleable services, mostly on a fixed fee basis, so you can focus on your commercial success, confident that you have solid legal procedures and policies in place.

Key data protection services

  • Drafting data protection compliance documents such as internal data protection policies (privacy notices), records of processing activities, privacy standards, data retention policies, data processing agreements, international data transfer agreements and data processing consent wording.
  • Assisting with data audits.
  • Support in dealing with data breaches.
  • Support in dealing with requests from data subjects to exercise their data protection rights. Principally the right of access (data subject access requests (DSARs)).
  • Advice on all forms of direct marketing (telesales, email marketing, SMS advertising, postal marketing) and ensuring that you are compliant with the rules relating to direct marketing and electronic marketing (PECR).
  • Advice on marketing consent and the use of bought-in marketing lists.
  • Drafting Cookie Policies. Advising on cookie consent law.
  • Leading legal due diligence exercises on the data protection compliance of target companies in a corporate acquisition.

Data protection work examples

  • Consulting on an international company’s intra-group data sharing, drafting and implementing the documents needed for ensuring personal data can flow freely and lawfully within the group.
  • Assisting numerous clients following a personal data breach. We helped assess the nature and extent of the breach, whether it was reportable, and drafted notices to the affected parties and advised on reporting to the ICO.
  • Training companies with regard to their GDPR compliant policies, procedures and notices.
  • Assisting clients with their responses to DSARs including what to withhold and what to disclose, obligations of confidentiality to third parties, advice on redaction, balancing the rights of the data subject with the clients’ rights, legal professional privilege and other exemptions. 

How do we help you draft compliance documentation?

  1. We can either chat on the phone, via zoom or over email about what you need.
  2. Send you a questionnaire to complete that helps us understand your requirements even better.
  3. We draft your documents.
  4. You review the policies.
  5. We help put your documents and procedures into action.
  6. We’re available to answer any questions which come up thereafter.

How we work with you

Whilst based in the South of England, Paris Smith acts for businesses and families throughout the UK. Technology has enabled us to provide a high level of service to our clients whether they are local to our offices or not. Our advice can be given in many ways:

  • Over the telephone
  • Via video conferencing
  • In face to face meetings

We will talk through how you would like to be contacted and the best ways for us to meet in our early conversations with you.

Meet the team

Our Data Protection & GDPR team is made up of 2 partners and 1 associate. You can find their contact details below.

Introducing your key contacts

Crispin Dick
Partner – Commercial


Laura Trapnell
Partner – Head of Commercial and Intellectual Property



How we’ve helped our clients

“I am so pleased I’ve used Paris Smith to help steer us through our GDPR Interpretation – the team were approachable, smart and knowledgeable.”

Larry Haywood, Head of Compliance – Gist Ltd

Gist Ltd

Downloadable Guides

You may also be interested in

Business & Regulatory Advice

Get in touch

We are here to help. Get in touch to speak with an expert.


Stay up to date with our latest industry news

By completing your details and submitting, you are consenting to us sending you relevant legal updates and invitations based on the areas of interest you select. For further details please read our privacy notice.

Back to Intellectual Property