End to End

Data Protection & GDPR Legal Services




GDPR and Data Protection Compliance is a legal requirement for all businesses.


In the same way that Vehicle Insurance is not optional, all businesses of any size must be compliant with GDPR and be able to demonstrate they are to the Information Commissioners Office (ICO), the public and their Suppliers and Trading Partners in Business.


Some business owners are surprised when a supplier or a customer asks them if they are GDPR compliant but they shouldn’t be. The Supplier or Contractor has a legal duty to make the enquiry and for a customer they are simply showing they are smart enough not to give their money or personal data to a business that can’t be trusted with it!


NB: Transition Law offers a FREE Telephone Advisory Service for Businesses

which includes a written report on your GDPR compliance status.

To get your own FREE Telephone Assessment call us on 01543 547002

A)         FREE GDPR Legal Advice (Sometimes Referred to as a Gap Analysis Report)




              Failure to have Data Protection procedures or to follow them are offences for which the owner can be heavily 

              fined, get a Criminal record and be named and shamed on the ICO Website.


1)            Often business owners are unaware of the impact of GDPR on their business and those that do know about it

               rarely know what to do to protect themselves.


2)            Transition Law offers completely FREE GDPR Legal Advice to any business owner using our time tested and

               proven 1,2,3, system


               i) FREE Telephone Advisory Service – A 20-30 minute telephone call with an experienced GDPR legal advisor.

             ii) FREE Bespoke Legal Advice – GDPR is all about creating policies and procedures which have been created                especially for your business. Copying & Pasting someone else’s won’t do and is illegal.

               iii) FREE Written Business Assessment Report. Following the telephone call, we email you a written report on  

               the current GDPR status of your business and a step by step list of what you have to do to achieve compliance.


3)            Full Details of the Free Advice 1,2,3 system are available on our A5 ‘Small Business Owners’ Card and on our

               Legal Services page HERE.



B)         Funding Your Compliance


Having established the needs of each business and explained the legal necessity of compliance, most owner’s minds turn to the cost of meeting them.


GDPR compliance is something that can be achieved ‘in house’ but the specialist legal knowledge required to write compliant documents that will stand up to scrutiny is often not available and hiring trained Data Protection staff is usually prohibitively expensive.


1)            Transition Law offers a full GDPR & Data Protection compliance package aimed at SMEs but fully scalable to 

               accommodate any size of business large or small.


2)            We have searched the marketplace for Grant funding related to achieving Data Protection compliance without

               success. Grant funders consider they will not pay for things a business is required to do by Law.


3)           Transition Law has decided to offer discounted rates to help Organisations achieve compliance, as below. 

To access the Funding assistance for Compliance matters businesses must fit the following criteria:


i)   The Business must have been formed and be based in the UK.


ii)  The Business must be able to register with the ICO at Tier 1 or Tier 2.


Plus ONE or more of the following:


To receive a 30% Fee Reduction: Be Referred by existing S.H.I.E.L.D. Holder     

To receive a 20% Fee Reduction:   


a)  Be a Member of a UK Chamber of Commerce.

b)  Operate in a Business Improvement District (BID).

c)  Be a CQC registered care business.

d)  Be a Registered Charity.

e)   Be a Community Interest Company. (CIC)

f)   Be a ‘Not for Profit’ Company.


Further details on Funding assistance available on request.

4)            Once compliant, a business can use the fact to its advantage. Advertising their compliance puts a business

               ahead of non-compliant competitors.


5)            Compliance is an extremely useful marketing tool, if the benefits of dealing with compliant businesses are

               fully understood and communicated to prospects. We have seen compliant organisations gain large amounts of

               new business, which they would not otherwise have been able to obtain.




C)         Transition Law S.H.I.E.L.D.


Differentiating a business which is compliant from one that is not can be a difficult task for consumers and Suppliers alike. Consequently, we have created a recognition and accreditation system for compliant businesses called Transition Law S.H.I.E.L.D.


1)            The SHIELD programme is Free of Charge to any compliant business. It can be used to demonstrate GDPR  

               compliance and set them apart from a non-compliant competitor. Drawing attention to their SHIELD

               membership will greatly improve public confidence in them as a business and create opportunities for new 

               business which is only available to compliant firms.


2)            Every SHIELD Holder is allocated a page on the Transition Law SHIELD Web portal which they can link to their

               own website. The business can also use the SHIELD logo on their website, emails and business stationery.


3)            As a SHIELD Holder the business can access Member benefits such as a Legal Helpline for Data Protection

               queries, Compliant Marketing advice to keep them safe and legal along with help for responses to Subject

               Access Requests and Data Breaches, should one occur.


4)            Full details of membership are available in the Membership Booklet HERE.




D)           Data Protection Training


1)            One of the primary requirements for compliance in GDPR and Data Protection is to ensure all staff members

               are trained in the protocols. This is especially important where the staff are customer facing because they can

               be the recipient of a Data Protection Statutory Enquiry, known as a Subject Access Request.


2)             A Subject Access Request can arrive in any form, including verbal, they are time limited and If the staff don’t

                know what it is or how to deal with it, they can cause the business to pass the allotted time for a response and

                risk being reported to the Regulator or even fined.


3)             Transition Law has developed a series of workshop presentations for GDPR training which are suitable both 

                for business owners and staff. Presentations are tailored to the bespoke needs of the business and can run

                from an hour up to a full weekend of interactive ‘Bootcamp’ activities.


4)             Using bespoke packages for staff training demonstrates a ‘Culture of Compliance’ within your business which

                the ICO investigators will be looking for should the business become subject to an official Audit following a

                Data Protection Complaint.


5)              Data Breaches under GDPR must follow a self-reporting system, where the business is required to send

                 notification of the Data Breach to the ICO within 72 Hours. The initial report is done Online.


                 NB: It is not possible to report a Data Breach without answering questions about the training any relevant

                 staff members have received.


6)              It is of the highest importance that staff training includes sufficient elements of Data Protection Law and

                 practice so that all staff recognise their responsibilities under the Regulations.  At the very least, staff should

                 understand what is required of them in Law, be able to recognise a Data Breach and a Subject Access Request

                 along with the timescales businesses have for responding to each. Any training session should make clear to

                 staff the financial penalties available both to themselves personally and the business itself.


7)              Company Directors should be aware that the ‘Veil of Incorporation’ often provides no protection in GDPR

                 prosecutions. The ICO have established a procedure of issuing fines to Companies and waiting to see if the

                 Company attempts to voluntarily wind up its affairs. If this occurs they issue a High Court injunction

                 to prevent the winding up and subsequently make an application for the Director(s) to be disqualified, so

                 they cannot simply open a new Company and carry on as before.


                 NB: Recent figures released by the ICO state that so far they have disqualified 16 Directors for a total of over

                 100  years. They announced this as having ‘reached a Century’.


8)              The ICO has the power to fine a business a maximum of 4% of its turnover or 20 Million Euros whichever is

                 more. Fines for UK SME businesses during the last 12 months have mostly been in the £40,000 - £180,000

                 range but with some larger businesses being fined substantially more.


                  E.g. British Airways £183 Million and Marriott hotels £99 Million.

  • Twitter Social Icon
  • LinkedIn Social Icon

Transition Law is a compliant business under GDPR & UK Data Protection Law. Click the S.H.I.E.L.D to verify our status

SHIELD Transparent.png

©2019 by Transition Law.

Transition Law is a Data Controller under the provisions of the
Data Protection Act. Our ICO Registration Number is: ZA298185