General Data Protection Regulation (GDPR), Data Security

Leading GDPR solicitors 

with the knowledge and experience 

to enable your organisation to achieve GDPR




The GDPR lawyers at RT Coopers Solicitors will advise and assist your organisation with all of your GDPR issues, whatever your organisation, whether you are a corporate company, small and medium sized enterprise, financial institution, charity, school or university.


Personal Data


Any processing of personal data should be lawful and fair. It should be transparent to natural persons that personal data concerning them are collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed. The principle of transparency requires that any information and communication relating to the processing of those personal data be easily accessible and easy to understand, and that clear and plain language be used. That principle concerns, in particular, information to the data subjects on the identity of the controller and the purposes of the processing and further information to ensure fair and transparent processing in respect of the natural persons concerned and their right to obtain confirmation and communication of personal data concerning them which are being processed. Natural persons should be made aware of risks, rules, safeguards and rights in relation to the processing of personal data and how to exercise their rights in relation to such processing. 


In particular, the specific purposes for which personal data are processed should be explicit and legitimate and determined at the time of the collection of the personal data. The personal data should be adequate, relevant and limited to what is necessary for the purposes for which they are processed. This requires, in particular, ensuring that the period for which the personal data are stored is limited to a strict minimum. Personal data should be processed only if the purpose of the processing could not reasonably be fulfilled by other means. In order to ensure that the personal data are not kept longer than necessary, time limits should be established by the controller for erasure or for a periodic review. Every reasonable step should be taken to ensure that personal data which are inaccurate are rectified or deleted. Personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including for preventing unauthorised access to or use of personal data and the equipment used for the processing.


The principles of data protection should apply to any information concerning an identified or identifiable natural person. Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person. Processing must be Lawful and Fair


Our GDPR lawyers will provide you with the guaranteed legal services and the practical advice necessary to become compliant under the The General Data Protection Regulation, whether you are transferring personal data to third countries or international organisations or storing data on websites or databases. 


What is Sensitive Data?


Under the GDPR sensitive data is defined as:

Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin, whereby the use of the term ‘racial origin’ in this Regulation does not imply an acceptance by the Union of theories which attempt to determine the existence of separate human races. The processing of photographs should not systematically be considered to be processing of special categories of personal data as they are covered by the definition of biometric data only when processed through a specific technical means allowing the unique identification or authentication of a natural person. Such personal data should not be processed, unless processing is allowed in specific cases set out in this Regulation


The Principles relating to processing of personal data (Article 5) 

Personal data shall be:

i. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

ii. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

iii. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

iv. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

v. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

vi. rocessed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (‘accountability’).


Our Services

Our GDPR law firm is highly experienced in dealing with the transfer of individual's data to companies within the same organisations, different industries and across various countries. We offer a complete service to companies processing data or transferring data outside the EEA. We offer advice and assistance in relation to:



  • Advising on Data Accuracy especially in relation to Personal Data Breach
  • Advising the Controller and Processor on the Processing of Personal Data under the GDPR
  • Advising on Data Minimisation
  • Advising on GDPR Compliance
  • Advising on Data Integrity and Confidentiality
  • Advising on Lawfulness, Fairness and Transparency
  • Advising on Personal Data Breach
  • Advising on Purpose Limitation
  • Advising Organisations on Right of Access, Right to Rectification, Right  to Be Forgotten, Right to Data Portability, Right to Object 
  • Archiving and Data Minimisation
  • Conducting Data Protection Imapact Assessments
  • Drafting Controller Agreements
  • Drafting Joint Controller Agreements
  • Drafting Data Processing Agreements
  • Drafting Privacy Policies
  • Ensuring your Organisation's Compliance with the GDPR
  • Personal Data Breach
  • Putting in Place Risk Management and Security Measures (working with your management Team)
  • Notification of a Personal Data Breach to the ICO

  • Restricting the Processing of Personal Data
  • Security of Processing Personal Data
  • Transferring Data Abroad - Advising on the Risks and Issues plus Advising and Assisting with Measures that should be put in place before Transfer of Data
  • Unauthorised Disclosures
Data Storage 
  • Back-ups
  • Cloud Storage
  • Data Privacy
  • Data Retreival
  • Data Security
  • Digital Data Storage
  • Risk Management
  • Storage Limitation
  • Transfer of Digital Data
Data Storage & Security 
  • Data Management
  • Data Protection and Pharmacovigilance
  • Data Transfer
  • Digital Storage
  • Genomics Data
  • Cloud Storage
  • Security of Processing Personal Data



The advice you gave us on data protection...was clear, concise and practical .

Janine Dyer, Smith+co.


Some of the data protection issues our lawyers frequently come across are, difficulties in identifying personal from sensitive data, establishing whether adequate security measures are in place and whether all processing of data have been notified. Our data protection solicitors have considerable experience in advising and assisting organisations with data protection issues thus enabling them to become compliant under the DPA. Our firm also offers training in data protection. We undertake data protection audits and provide companies with practical tips on how to successfully safeguard data.


Related Services




I initially found RT Coopers through a Google search, while I was looking for a lawyer with expertise in the data protection and the freedom of information act. They gave me a thorough, detailed and clear review of the questions I needed answering, which will help me to shape my potential strategy for litigation. I am very impressed with their help and advice, especially as my questions were rather complicated. I would be very happy to recommend RT Coopers for your data protection and freedom of information act requirements.” TA


For more Testimonials on Data Protection. Contact us



Search Shadow


newsletter Shadow


Testimonial Bottom Shadow

testimonial Shadow Middle

More Testimonials

Testimonial Bottom Shadow