End to End

Data Protection & GDPR Legal Services




GDPR and Data Protection Compliance is a legal requirement for all businesses. In the same way that Vehicle Insurance is not optional, all businesses of any size must be compliant and be able to demonstrate they are to the Information Commissioners Office (ICO), the public and their Suppliers and Trading Partners in Business.




Following Brexit on 1st January 2021 the UK Data Protection law changed fundamentally.


GDPR became UK-GDPR and the UK is now a '3rd Country' for international transfers of data.


**To discover how this affects YOU & YOUR business use our free telephone service below.**

NB: Transition Law offers a FREE Telephone Advisory Service for Businesses

which includes a written report on your GDPR compliance status.

To get your own FREE Telephone Assessment call us on 0330 2233 506


A)         FREE GDPR Legal Advice (Sometimes Referred to as a Gap Analysis Report)



              Failure to have Data Protection procedures or to follow them are offences for which the owner can be heavily 

              fined, get a Criminal record and be named and shamed on the ICO Website.


1)            Often business owners are unaware of the impact of GDPR on their business and those that do know about it

               rarely know what to do to protect themselves.


2)            Transition Law offers completely FREE GDPR Legal Advice to any business owner using our time tested and

               proven 1,2,3, system


              i) FREE Telephone Advisory Service – A 20-30 minute telephone call with an experienced GDPR legal advisor.

             ii) FREE Bespoke Legal Advice – GDPR is all about creating policies and procedures which have been created                         especially for your business. Copying & Pasting someone else’s won’t do and is illegal.

              iii) FREE Written Business Assessment Report. Following the telephone call, we email you a written report on  

                   the current GDPR status of your business and a step by step list of what you must do to achieve compliance.


3)            Full Details of the Free Advice 1,2,3 system are available on our A5 ‘Small Business Owners’ Card and on our

               Legal Services page HERE.



B)         Funding Your Compliance


Having established the needs of each business and explained the legal necessity of compliance, most owner’s minds turn to the cost of meeting them.


GDPR compliance is something that can be achieved ‘in house’ but the specialist legal knowledge required to write compliant documents that will stand up to scrutiny is often not available and hiring trained Data Protection staff is usually prohibitively expensive.


1)            Transition Law offers a full GDPR & Data Protection compliance package aimed at SMEs but fully scalable to 

               accommodate any size of business large or small.


2)            We have searched the marketplace for Grant funding related to achieving Data Protection compliance without

               success. Grant funders consider they will not pay for things a business is required to do by Law.


3)           Transition Law offers a full range of support information and legal services starting with a confidential and

              free of charge telephone assessment call with a Lawyer to establish a full gap analysis for your business.

​4)            Once compliant, a business can use the fact to its advantage. Advertising their compliance puts a business

               ahead of non-compliant competitors.


5)            Compliance is an extremely useful marketing tool, if the benefits of dealing with compliant businesses are

               fully understood and communicated to prospects. We have seen compliant organisations gain large amounts of

               new business, which they would not otherwise have been able to obtain.




C)         Transition Law S.H.I.E.L.D.


Differentiating a business which is compliant from one that is not can be a difficult task for consumers and Suppliers alike. Consequently, we have created a voluntary recognition and accreditation system for businesses called Transition Law S.H.I.E.L.D.


1)            The SHIELD programme is Free of Charge to any compliant business. It can be used to demonstrate GDPR  

               awareness and set them apart from competitors. Drawing attention to their SHIELD membership will

               greatly improve public confidence in them as a business and create opportunities for new business which is 

               only available to compliant firms.


2)            Every SHIELD Holder is allocated a page on the Transition Law SHIELD Web portal which they can link to their

               own website. The business can also use the SHIELD logo on their website, emails and business stationery.


3)            As a SHIELD Holder the business can access Member benefits such as a Legal Helpline for Data Protection

               queries, Compliant Marketing advice to keep them safe and legal along with help for responses to Subject

               Access Requests and Data Breaches, should one occur.


4)            Full details of membership are available in the Membership Booklet HERE.




D)           Data Protection Training


1)            One of the primary requirements for compliance in GDPR and Data Protection is to ensure all staff members

               are trained in the protocols. This is especially important where the staff are customer facing because they can

               be the recipient of a Data Protection Statutory Enquiry, known as a Subject Access Request.


2)             A Subject Access Request can arrive in any form, including verbal, they are time limited and If the staff don’t

                know what it is or how to deal with it, they can cause the business to pass the allotted time for a response and

                risk being reported to the Regulator or even fined.


3)             Transition Law has developed a series of workshop presentations for GDPR training which are suitable both 

                for business owners and staff. Presentations are tailored to the bespoke needs of the business and can run

                from an hour up to a full weekend of interactive ‘Bootcamp’ activities.


4)             Using bespoke packages for staff training demonstrates a ‘Culture of Compliance’ within your business which

                the ICO investigators will be looking for should the business become subject to an official Audit following a

                Data Protection Complaint.


5)              Data Breaches under GDPR must follow a self-reporting system, where the business is required to send

                 notification of the Data Breach to the ICO within 72 Hours. The initial report is done Online.


                 NB: It is not possible to report a Data Breach without answering questions about the training any relevant

                 staff members have received.


6)              It is of the highest importance that staff training includes sufficient elements of Data Protection Law and

                 practice so that all staff recognise their responsibilities under the Regulations.  At the very least, staff should

                 understand what is required of them in Law, be able to recognise a Data Breach and a Subject Access Request

                 along with the timescales businesses have for responding to each. Any training session should make clear to

                 staff the financial penalties available both to themselves personally and the business itself.


7)              Company Directors should be aware that the ‘Veil of Incorporation’ often provides no protection in GDPR

                 prosecutions. The ICO have established a procedure of issuing fines to Companies and waiting to see if the

                 Company attempts to voluntarily wind up its affairs. If this occurs they issue a High Court injunction

                 to prevent the winding up and subsequently make an application for the Director(s) to be disqualified, so

                 they cannot simply open a new Company and carry on as before.


                 NB: Recent figures released by the ICO state that so far they have disqualified 16 Directors for a total of over

                 100  years. They announced this as having ‘reached a Century’.


8)              The ICO has the power to fine a business a maximum of 4% of its turnover or 20 Million Euros whichever is

                 more. Fines for UK SME businesses during the last 12 months have mostly been in the £40,000 - £180,000

                 range but with some larger businesses being fined substantially more.


                  E.g. British Airways £183 Million and Marriott hotels £99 Million.