McMillan Williams advises and represents individual and corporate clients on legal issues relating to the Data Protection Act 1998 (DPA) and the General Data Protection Regulation (GDPR).  

Ryan Dunleavy
Ryan Dunleavy
Partner & Head of Media Law Reputation Management

The GDPR will apply in the United Kingdom from 25 May 2018 onwards, after which time the following will happen: the cap on fines for data breaches will increase from £500,000 to €10,000,000 (or 2% of global turnover), there will be a new accountability requirement, the issue of consent from data subjects will be strengthened, and individuals will have enhanced rights generally. There will be numerous other changes to the data protection regime in the UK that will be imposed by the GDPR.

As it stands under existing legislation and case law, there are already various obligations on companies as well as other businesses and legal entities with regard to how they obtain, process, store and share personal data about living individuals. For instance, there are various data protection principles that govern how an entity must deal with personal data. It is unlawful to breach them.

We act for individuals who think there has been a breach of their data protection rights. Our experts are also happy to advise upon and draft subject access requests for individuals who wish to obtain copies (for whatever reason) of their personal data that are held by others.

We also advise corporate clients upon data protection law, Codes, privacy notices, impact assessments, compliance, breaches, and documents.  Our experts are happy to assist with drafting documents such as data protection policies and protocols. We also draft data protection clauses for various types of contracts. We are currently helping clients to prepare for the changes that will take place to the data protection regime after the GDPR becomes UK law.

Subject Access Rights

Data protection law conveys various rights upon data subjects. These rights are far ranging, but often vaguely expressed in the DPA and difficult to interpret. In essence, data subjects have a right to be informed by any data controller whether it holds or processes data on them, and to obtain from the data controller a description of the data, as well as a copy of the information in an intelligible form. The data subject can also request and receive information relating to the purposes for which the data are being held, the recipients or classes of recipients to whom they may be disclosed, and the source of the data.

Handling Data in Compliance with the Data Protection Act

Aside from their subject access rights, individuals can seek to ensure that businesses, companies, employers and other entities are handling their data in compliance with data protection law.  When there is a breach of the law, our lawyers specialise in both defending and pursuing complaints to the Information Commissioner's Office, as well as litigation for compensation and injunctions from the courts.  We also seek to ensure that breaches are set right as soon as possible, and that measures are put in place to ensure that they are not repeated.

We Can Help

At MW Solicitors, our mission is "To make quality legal services accessible to everyone" including those individuals whose data rights have been breached or companies who need help ensuring that their data protection policies and processes are compliant with the DPA and GDPR.

If you would like to discuss your case with our team of expert and specialist Lawyers call us today on 0203 551 8500 or email us at


Contact Us

Translate this page