General Data Protection Regulation
As a commercial law firm specialising in IT, tech law, and the internet, our lawyers deal with data collection and use on a daily basis.
If data used by our clients is personal data, we advise on the best way to secure their commercial
aims while complying with the Data Protection Act, the Privacy Electronic Communications Regulations (as amended), the new General Data Protection Regulation and the incoming Data
Protection Bill 2017.
We understand that data protection is about balancing positive commercial exploitation of data
against an individual's right to safeguard their personal data.
We also understand that the need to make this balance has come into much sharper focus with the
GDPR's implementation from May 2018. The 1998 DPA contained much of the same content as the
GDPR - but most businesses only encountered it in a reactive situation such as a data breach or a
data subject's complaint.
From May 2018, the game changes - a business needs to state openly how it complies from the get-
go. Businesses now need to do much more to show that they understand what data they hold, how
they use it, and how they comply with data protection law.
We understand that not every one of our clients comply. We think our skill is in blending our
knowledge of compliance requirements in-depth understanding of our client's businesses. The
result: helping the client towards compliance, while maintaining commercial aims and the "user
experience" as intact as possible.
- IT services providers on data protection issues as data processors in multi-million pound
- Internet web aggregators on their collection, storage and distribution of online customer
- Start-ups on data protection from the start, to embed the GDPR's aim to make data
protection a cultural consideration for every business
- Service suppliers on what to do when presented with a thirty page data protection
compliance document by their larger customers
- Worldwide business intelligence distributors on journalist and public interest exemptions
from data protection laws
- Public and private sector clients on the proper way to handle Subject Access Requests
- Northern Irish FDIs on the sharing of EU personal data with their international parent
companies, with a particular emphasis on how to share data between the UK and the US
- NDPBs, NGOs and charities on their collection and processing of personal data, including in
relation to sensitive personal data relating to the Troubles
- Software developers on ways by which "privacy by design" can be used to minimise
personal data use and risk, or to aggregate collected data to a level where it's no longer
- Businesses of every shape, nationality and size on the terms of their contracts, policies and
protocols, and internal business cultures on how best to do what they want to do while
staying within the data protection law.
Katey Dixon and Rory Campbell regularly write and talk on the full range of data protection matters.
Do feel free to contact either of them on firstname.lastname@example.org and email@example.com or phone at
Forde Campbell LLC,
1-3 Lombard Street, Belfast
Northern Ireland, BT1 1RB
9am - 5:30pm Monday to Friday
FORDE CAMPBELL LLC is the trading name of FORDE CAMPBELL LIMITED, a limited liability company registered in Northern Ireland with registered number NI611989. FORDE CAMPBELL LLC is regulated and authorised by the Law Society of Northern Ireland.Site Terms
| Privacy Notice