Data Privacy and Data Security

CIPP-E certified Legal Expertise

in data privacy and data security

At Orbital Law, we help companies with GDPR and data privacy compliance by providing the following services.

  • Data Privacy Impact Assessments
  • Data Privacy Audits
  • Legal Advice
  • Training and workshops

If you require legal advice or would like more information about our services, please get in touch with us below.

How we help our clients

GDPR Compliance Assessment

Assisted a non-EU based owner and operator of a digital marketplace trading in various virtual products, to develop a comprehensive GDPR compliance programme for its EU operations. We conducted an end-to-end audit of its internal data processing operations, including a data mapping exercise to show the client: (a) what personal data it holds;  (b) what it does with that data and where  (c) on what basis, and (d) what it tells data subjects. This exercise enabled the client to understand its data protection risks, thereby allowing it to effectively manage its data protection compliance programme.


IT Security Policies

Advised on and drafted a range of GDPR and information security policies and procedures, enabling the client to be not only compliant but able to demonstrate such compliance in line with the GDPR principle of accountability. The client was then able to re-focus on delivering its services to its customers rather than worrying about managing its compliance regime. 




Recent Blogs

We produce regular blogs on data privacy, cyber security and GDPR compliance and their impact on companies' legal and regulatory obligations. Some of our recent blogs are listed below. 

Data Breach

Data Breaches

A data breach involving potential unauthorised access to customers’ personal data can have disastrous consequences for companies including financial losses and reputational damage. The best way to manage it is to have a plan.

Read our blog Data Breach - What you should do.

Data Management

Data Management

Implementing the right attitudes and cultures from the outset will ensure that businesses adopt a responsible approach when it comes to honouring customer, employee, and other stakeholders’ personal data.

Read our blog Data Management - Taking a responsible approach.

Transfer of personal data

Transfer of Personal Data and SCCs

Transfer of Personal Data to third countries using Standard Contractual Clauses as the mechanism to demonstrate GDPR compliance is no longer sufficient.

Read our blog Transfer of Personal Data, SCCs and when you need Supplementary Measures to understand instances of where you may need to do more.

We are here to assist

If you require legal advice or would like to find out more about our services please get in touch.