Data Protection FAQs
Find answers to our most frequently asked questions about data protection and privacy from our lawyers.
Read more
Data Protection Lawyers
Our specialist data protection solicitors and advisors provide commercial, proactive advice and management training to guide your journey to compliance.
Our data protection experts proactively identify and fix gaps in your practices. If you suffer a breach, we’re on-hand to react by minimising its impact and guiding you through.
Recognised as a 'Top Tier' team in The Legal 500, we provide the commercial, practical and innovative advice you need on all aspects of data including privacy, data protection, security, crisis management and confidentiality.
Our comprehensive, expert-led data protection management training programme is designed specifically for boards, senior leaders and operational teams, covering the Data Protection Act 2018, UK GDPR and the Data (Use and Access) Act 2024. This provides practical guidance around governance, accountability, privacy by design and much more — all tailored to your organisation's risk profile and decision-making culture.
Our team includes Data Protection Practitioners and senior commercial solicitors who understand your operating environment and regulatory drivers.
With our ability to read, interpret and use market intelligence and feedback from regulators, we'll ensure that the advice you receive is accurate and fit for purpose.
We take time to understand how and why you collect and use personal data. We then help you to implement appropriate notices and privacy policies to ensure that you collect personal data correctly and transparently before tailoring appropriate clauses in your commercial agreements that relate to the processing and sharing of personal data.
We also advise on and prepare other internal data protection policies and procedures to address matters such as your record keeping and day-to-day compliance requirements.
If something goes wrong, we provide rapid, pragmatic support following data breaches and cyber incidents. We advise on containment, investigation, notification obligations, communications with affected individuals and engagement with the ICO — helping clients to manage both legal risk and reputational impact.
Talk to us by giving us a call on 0333 004 4488, sending us an email at hello@brabners.com or completing our contact form.
Specialist data protection management training & GDPR compliance
Have you complied with your GDPR training obligations? Could you demonstrate full data protection law compliance if the ICO looked at you tomorrow?
Our specialist training can give you everything you need — from an initial status review to a tailored action plan — for your compliance journey. We focus on real‑world threats, regulatory expectations and board‑level accountability to ensure that your senior leaders understand not just the law, but what good governance truly looks like in practice.
This is designed to help you confidently navigate your legal duties, avoid blind spots and strengthen organisational resilience against breaches, fines, investigations and reputational damage.
Our course will ensure that your organisation:
- Meets its legal obligations for regular, appropriate data protection training — something that regulators explicitly expect from boards and staff.
- Reduces corporate and personal liability for directors by embedding accountability into decision‑making.
- Prepares for regulatory scrutiny by strengthening your ability to demonstrate compliance, risk assessments, governance and due diligence on third‑party data processors.
- Protects your reputation and finances by upskilling people to prevent incidents that routinely cost businesses millions of pounds.
- Builds confidence across your leadership team and wider workforce in handling personal data lawfully, securely and efficiently.
We’ll review your current data protection practices and tell you how to fix any gaps. We also offer advice and support on handling rights requests, complaints and investigations that relate to data protection, data subject rights, subject access requests (SARs) and dealings with the ICO.
The full spectrum of privacy & data protection compliance services
We advise organisations across all sectors on the full spectrum of privacy and data protection compliance.
This includes UK GDPR compliance reviews, drafting and updating privacy notices and policies, data protection impact assessments (DPIAs), data sharing agreements, international data transfer advice, staff training and ongoing strategic support. We also advise on related areas such as PECR, direct marketing and information security governance.
We further advise international organisations based outside the UK on their obligation to appoint a UK GDPR representative where required. We support clients in assessing whether the requirement applies, acting as a UK GDPR representative where appropriate and ensuring that representative arrangements are properly documented and aligned with regulatory expectations.
As a full‑service law firm, we combine technical data protection expertise with wider regulatory, commercial, employment and dispute resolution support. This means that privacy advice is integrated with your broader legal and commercial risk profile — not delivered in isolation.
“Sara Ludlam and Eleanore Beard have been an integral part of setting up our compliance with data protection legislation, ensuring a pragmatic approach to GDPR, training our people and answering general queries. Their enthusiasm for this topic and ability to break down the jargon into simple language has been so helpful.”
Head of Quality, Compliance & Group Business Ops, Proveca Medicines for Children
“Sara Ludlam prepared a set of GDPR/data protection documents that could be rolled out across our group and hosted an in-person GDPR training course... an interactive session with plenty of opportunities for Q&A. We appreciated Sara’s efforts to make the training bespoke, with a focus on the key issues we face as consultants. A complex topic but Sara did a great job of keeping everyone engaged. Thank you.”
Group Compliance Officer & Solicitor/Legal Counsel, ABL Group
Watch our webinar: Navigating AI & Privacy
The use of AI at work is bringing new layers of complexity that many organisations are still trying to navigate — from highly convincing phishing attempts and deepfake scams to the collection of data on an unprecedented scale. The current regulations aren't quite able to keep up with the speed of change, since the risks are evolving more rapidly than traditional compliance measures can address.
In response, our data protection team hosted a webinar designed to give participants a straightforward overview of today’s regulatory environment, outline the unique risks posed by AI (along with practical solutions), share effective compliance approaches and explain how to ensure that your cybersecurity efforts complement your data protection responsibilities.
This is essential viewing for any organisation using AI — especially those deploying generative AI and large language models (LLMs). Watch the replay now to help protect both your organisation and yourself as a data controller.
Specialist data protection lawyers
Our team includes Eleanore Beard, a qualified Data Protection Practitioner with extensive experience of acting as a Data Protection Officer (DPO) for clients and as in-house counsel for the Energy and Communications Ombudsman. She’s skilled at implementing privacy programmes and frameworks to help clients comply with legislation.
Eleanore works alongside Partner Matt Brown — an expert in data protection matters who regularly advises on different aspects of the legislation with clients and at events. He’s recognised as a ‘Recommended Lawyer’ by The Legal 500, which notes that he “understands the need for balanced, risk-based advice”.
Partner Sara Ludlam brings specialist data protection regulation and compliance knowledge to the team. She’s experienced in advising and training clients across all sectors on their approach to data protection, managing data subject access requests and correspondence with the ICO.
Reputation management, data and media lawyer Nick McAleenan provides extensive experience of data breach litigation, contentious data subject requests, ICO investigations, handling security incidents and cyber and computer hacking cases. A previous member of The Lawyer’s ‘Hot 100’, Nick brings experience of both group and multi-party litigation. He represented over 10,000 claimants in the UK’s first UK data breach class action (Various Claimants v Wm Morrison Supermarkets PLC), which reached the Supreme Court.
Meet the team
Data protection FAQs
Start your compliance journey
Book your data protection management and GDPR compliance training today.
Data protection insights
2026 horizon scan — key legal & regulatory changes ahead
We explore the key developments that in-house lawyers should have on their radar and what they mean for your organisation in the year ahead.
Read more
Jaguar Land Rover cyber‑attack — protecting your workforce during digital disruption
We explain the impact of the cyber-attack on JLR's workforce and outline what to do to protect your business and minimise the impact if an incident occurs.
Read more
Talk to us
Loading form...