The General Data Protection Regulation (GDPR) is the European Union’s new data protection regime which came into effect in May 2018.

It has wide territorial scope – it applies not only to organisations with a physical presence in EU member states, but also to entities located anywhere in the world, if they are processing personal information about, or monitoring the behaviour of, EU citizens.

GDPR also introduces vastly increased fines. The maximum fine for a serious infringement is 4% of annual worldwide turnover, or €20 million, whichever is the greater. Therefore even a smaller organisation could potentially face an administrative fine of up to €20m.

Contact our experienced lawyers to discuss your requirements and explore how we can help make your organisation GDPR-compliant.

We can help you by:

  • Gap analysis and advice on remedial actions
  • Data audits and compilation of Article 30 records (legally required records of your data processing activities)
  • Developing your data protection policies, procedures and privacy notices
  • Advice on measures to be taken to ensure GDPR compliance when transferring data out of the EU
  • Data protection impact assessments – to be undertaken when new processes or technologies are introduced which might affect the rights and freedoms of data subjects
  • Drafting agreements (which are legally required) to regulate your relationship with other entities who may be processing personal data on your behalf, or on whose behalf you may be processing personal data.


"We have had a great experience working with you and your team both personally and professionally."

"I personally contact about 100 law firms worldwide each year and you are undoubtedly on the top tier."

GDPR and data protection team

Please contact the lead lawyers in the team:

Matthew Clayton MA LLM (Cantab)

Kym Fletcher LLB (Hons)

Matthew Clayton

“... the incredibly professional corporate and commercial group ...” Legal 500

Kym Fletcher