Druces for Business

Data Privacy and GDPR

Druces for Business

Data Privacy and GDPR

What is GDPR?

The EU General Data Protection Regulation (GDPR) came into force on 25 May 2018. The regulations aims to harmonise data protection rules and enforcement across the EU. GDPR is designed to further protect the personal data of individuals, and imposes a stricter regime than under the present law.

What is UK GDPR?

Following Brexit, the GDPR is retained in domestic law as the UK GDPR, but the UK has the independence to keep the framework under review. The ‘UK GDPR’ sits alongside an amended version of the Data Protection Act 2018. Following the UK’s ‘Adequacy Decision’ in 2021 this means businesses and organisations in the UK must continue to follow the requirements set out the GDPR.

Penalties for GDPR non-compliance

Though GDPR has now been in force for several years, many businesses still fail to comply with the rules, often facing tough penalties against them. Failure to comply with GDPR can result in businesses facing fines of up to 4% of global annual turnover, or €20m (whichever is greater).

Our GDPR compliance services for businesses

Organisations need to be aware of their obligations under the GDPR and ensure that they are fully compliant, particularly in light of the higher penalties for infringements. Our experienced lawyers advise on a broad range of data protection issues and can assist your business in complying with the GDPR rules. Druces can advise on:

  • data protection compliance projects, including reviewing your information handling policies and procedures, and updating privacy notices;
  • negotiating contractual provisions addressing data protection and privacy;
  • employment-related data matters;
  • the exercise of individual data rights, including subject access requests;
  • data retention issues and policies;
  • regulatory enquiries;
  • data privacy issues arising out of acquisitions and divestments;
  • legality of international transfers of personal data.

Legal services for businesses suffering a data breach

Druces can also support your organisation in the event of a data breach. The financial and reputational damage to a business following a breach can be severe, and Druces will work closely with you to formulate the best approach in dealing with affected individuals and the Information Commissioner’s Office.

Who to Contact

Neil Pfister


Christopher Evans


How can we help?

To find out more about our services, please contact us on:

Related Services

Intellectual Property

Islamic Finance

Joint Ventures


Autumn drinks reception

We will be joined by guest speakers for a short discussion on the current state of the Prime and Super Prime London residential property markets, including what we can...