Data compliance

managing the risk whilst seizing the opportunities.


We all live in the data revolution. This has perhaps, in the legal world, become a bit lost in the tsunami of regulations and warnings which came with the GDPR and which then evolved with events including Brexit, Schrems II, and enforcement action against Big tech. All of this poses a real risk to business, but it is important to remember the value and opportunities we can derive from processing personal data.

Our expert team works with you to strike the balance between ensuring compliant business activities whilst leveraging the value of personal data (and customer relationships) your business may hold.  We take the time to understand your business, its unique needs, and how we can best help you move forward.


what we offer.

business strategy audit and processes.

The foundation of data compliance is understanding your business, the data which is processed, and the benefit it may have for your products and services. We work with clients to help them map the personal data held, understand why it is needed and for what purpose, as well as identify data transfers, data flows, and data sharing/processing relationships.

This includes embedding data compliance and privacy by design within related business contracts, strategy, and decision-making, as well as end-to-end advice and support for large-scale projects including data audits, IT migration, product launches, technology development, and data sharing/transfers.

compliance documentation.

Whether driven by regulatory requirements to provide privacy information, ensure contracts are drafted correctly, establish compliant data transfer mechanisms, or generally demonstrate accountability under the UK GDPR, a business will always need to start with its policies, procedures, and contracts.

However, and more than this, these documents provide clarity so that personnel understands how they may treat data and innovate using it, whilst providing for robust and documented data sharing and processing which underpin product development, service delivery as well as R&D.

We support clients with:

  • Creation and review of related policies, including privacy information, data protection and retention, Infosec, BYOD, and mobile/home working;
  • Personal data-focused contract drafting, including data-sharing agreements, data licensing arrangements, data processing addendums, and SCCs.
  • Cookies guidance, Policy drafting, and advice.

engaging with the people whose data you hold (data subjects).

No matter your business sector, your business activities will always involve the processing of personal data of “data subjects”, whether this is your employees, end consumers, contacts at suppliers, or subscribers to your marketing lists. Whilst this is to be expected, it is also to be expected that engaging and communicating with these individuals requires due consideration and attention. 

Whether you are looking to implement a new marketing strategy or buy a database, seeking to make a change in your employment structure, understand your consumer behaviour, or respond to an access request, it is important to understand the requirements so your business can make the most of its valuable relationships. Our team will guide you through these interactions, including:

  • Responding to rights requests and DSARS
  • Implementing a new, compliant marketing strategy 
  • Managing employee complaints claims and restructures
  • Leveraging third-party database suppliers
  • Analysing and communicating with your consumer base

ICO engagement and enforcement.

In the event that regulatory oversight has become required or otherwise enforced, for example in the event of a data breach, managing a complaint, or other enforcement activity, we will support you through engagement with the ICO. We find that by engaging fully with regulatory processes, having clear processes and policies in place, and taking prompt remedial action, the ICO seeks to work with businesses in most instances. 

We also believe there is a real benefit in looking to include the ICO in new product ideas and innovations involving personal data processing in a new or unusual way, to ensure that delays and u-turns are avoided further down the line, whilst allowing a business to focus on deriving the value from the effort put in. Whatever the reason for engaging with the ICO, we will support you through the process.

how it works.

It starts with a conversation to understand your current needs or concerns in relation to data compliance, as well as gathering information on the wider context of how your business operates and the data it processes. From there will agree with you on a scope of recommended actions and priority so that resources can be allocated sensibly and proportionately. It may be that a full audit is relevant, or just an update of an existing policy, but in any event, we always agree on a clear and transparent scope with you. We can offer fixed fees, retainer, and T&M-based services.

what our happy clients have to say…

Lawbox Design

who are we?

At Lawbox Design we create innovative legal solutions for dynamic finance businesses, startups, and scaleups by applying design thinking principles to legal services.

user-centric legal service.

Legal design at Lawbox is about making the legal user experience better. We deliver legal services for finance and other regulated businesses, startups, and scaleups by putting people first. It’s about applying a shift in mindset and questioning how fit-for-purpose traditional legal solutions really are.


expert Lawboxers.

What we offer isn’t just client empowerment and straight-talking legal advice – our consultants or “Lawboxers” are also experts in the areas of financial regulation and compliance, commercial, and corporate law.

We passionately believe that, when applied strategically, legal design can improve business performance, innovation, brand perception, audience engagement, and conversion rates.


can we help you?

We’d love to help you with any legal requirements that you may have! Why not get in touch for a chat and we can discuss how we can help?

Get in touch

The path to better legal services starts right here!

Send us your details or drop us a line and let’s see how we can help.

Back to top