Question 1

4. Do I need a Data Protection Officer (DPO)?

Accepted Answer

Not all businesses need a DPO, but it's legally required if you carry out large-scale data processing, monitor individuals, or handle special category data such as health data. Most companies now nominate a member of staff as their privacy officer. However the difficulty with this is that whoever is nominated needs to understand the responsibilities involved. WDPS can help you determine if you need a DPO and provide outsourced DPO support if needed.

Question 2

8. How much does a data protection lawyer charge?

Accepted Answer

It all depends, but typically costs start at £400 per hour. Day rates may vary depending on the complexly and speed. For example when dealing with sensitive data, it requires a higher degree of competence than just setting out a standard privacy policy. We keep our fees as transparent and provide flexible pricing tailored to your needs. It's worth getting in touch to discuss costs as everyone has different needs.

Question 3

What are the Penalties for Non-Compliance with GDPR?

Accepted Answer

Non-compliance with GDPR may lead to fines for both large and small businesses. Specifically, the amount of the GDPR fine is dependent on many factors. For instance, it will make a significant difference whether non-compliance was deliberate or due to negligence, and moreover, how well your business cooperates with the authorities plays a critical role. Consequently, the upper limits of GDPR penalties are: Up to £8.7 million or 2% of annual global turnover (whichever is higher) for less serious infringements. And fines of up to £17.5 million or 4% of annual global turnover for severe infringements. Find more about penalties from the Information Commissioner's Office (ICO) here.

Question 4

What are the Benefits of GDPR Compliance?

Accepted Answer

First and foremost, GDPR compliance protects the people behind the data. By following GDPR requirements, you ensure informal self-determination and privacy of your customers, employees and contacts. And GDPR compliance even brings several business benefits, including greater trust and credibility between organisation and the data subjects, improved data security, reduced data maintenance costs, right alignment with latest technology, and better decision-making for companies. Also, complying with the GDPR helps in minimisation of data breach risks that could not only lead to fines, but can also negatively affect the brand image.

Question 5

Which Organisations Must Appoint a DPO Under GDPR?

Accepted Answer

Under the UK GDPR, an organisation must appoint a DPO if it’s a public authority, its core activities involve large scale data processing that requires regular and systematic monitoring of individuals, or if its core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offences. Despite there being no legal mandate to hire a Data Protection Officer (DPO) upon reaching a specific number of employees, numerous companies nonetheless choose to appoint a DPO to effectively navigate through complex privacy requirements.

Question 6

Why is Data Protection Important?

Accepted Answer

Data protection is essential because it significantly enhances the protection of data subjects' rights. Furthermore, it explicitly clarifies what companies must do to safeguard these rights while processing personal data. Consequently, within the UK, GDPR prompted the enactment of the Data Protection Act (2018), which effectively superseded the previous 1998 Data Protection Act.

Question 7

What are the 7 main principles of GDPR?

Accepted Answer

Lawfulness, fairness, and transparency; Purpose limitation; Data minimisation; Accuracy; Storage limitation; Integrity and confidentiality; and Accountability. These principles are found right at the outset of the GDPR, and inform and permeate all other provisions of that legislation.

Question 8

How does GDPR relate to marketing?

Accepted Answer

Firstly, GDPR significantly restricts the collection of new email addresses and other forms of contact information. Additionally, it also governs the use of existing email addresses and other contact details, ensuring strict compliance with privacy regulations. How does GDPR relate to marketing? Firstly, GDPR significantly restricts the collection of new email addresses and other forms of contact information. Additionally, it also governs the use of existing email addresses and other contact details, ensuring strict compliance with privacy regulations. You can send direct marketing emails to existing customers without their prior consent if you have an existing relationship with them.

Data protection legal and compliance support for UK organisations

Led by Clara Westbrook, a qualified solicitor and barrister with over 25 years’ experience, WDPS helps organisations handle DSARs, audits, privacy compliance, PECR and AI governance with practical, commercially focused advice.

Why organisations use WDPS

We can support you in all areas of data protection — from audits to privacy policies, tailored for every sector

Discover more from us

Our Team

Training

Guidance

Commercial contract review services for UK businesses

Legal document signing & certification services

Our areas of expertise

Compliance & Governance
→

Advisory & Ongoing Support
→

Risk, Incidents & Enforcement
→

Marketing & PECR Compliance
→

Document Signing
→

Fast and reliable subject access request response service

Stay ahead with expert data protection tips
Get practical advice, legal updates, and exclusive insights.

Latest Insights