GDPR Contract and Legal Services

GDPR Contract and Legal Services

Get legal and compliance advice on your data privacy documentation and commercial agreements to comply with data protection law.

Our legal team can review, update or draft the full range of bespoke data protection documentation, commercial agreements and HR documents, and provide advice on international data transfers, including SCCs (standard contractual clauses).

Enquire today
Price: £0.00
Excluding VAT

Get help from the data privacy specialists

Reviewing and updating your data protection documentation and commercial agreements to align with the GDPR (General Data Protection Regulation) and DPA (Data Protection Act) 2018 can be a time-consuming and legally complex task.

You must:

Regularly review and update your data privacy documentation and commercial agreements to reflect changes in the law and the way your organisation operates. Your privacy documentation needs to accurately reflect the kind of data you collect; how you collect, process and store it; how long you keep it for; and your reasons for doing so. You might also have to consider which markets you operate in and how your documentation and commercial agreements need to be updated in relation to applicable data protection laws.

Our legal team can help you with a wide range of data privacy documentation, including bespoke documentation. This includes support with the following:

Privacy and cookie notices

Privacy policies and statements

GDPR-compliant marketing consents and policies

Article 30 records of processing activities

Data breach handling procedures

Managing DSARs and advising on procedure

Supply chain contracts, data processor contracts and data sharing agreements

Advising on the legal basis for processing

Homeworking policies

International data transfers and appropriate safeguards, including SCCs and BCRs

We advise clients in a variety of sectors on privacy, data retention and information security policies. We can help you negotiate the complexities of international data transfers and ensure you have the right safeguards in place. This includes TIAs (transfer impact assessments), SCCs and managing BCR registrations with data protection authorities.

"We selected GRCI Law in 2019 as our Data Protection Officer (DPO) and EU/UK GDPR Representatives to ensure compliance with the GDPR for clinical trials we are conducting in the EU and UK. They’ve been instrumental in providing the necessary data privacy guidance required to obtain Ethics Committee and Regulatory approvals for our trials. They continue to provide strategic and timely advice on the evolving GDPR landscape, and proactively keep us informed of data protection guidance and regulations as they become available. GRCI Law has been our trusted partner in GDPR compliance, and we can wholeheartedly endorse their services for European and UK clinical trials."

- Nestor Gonzales, Senior Director, Quality and Compliance
Nevakar Injectables, Inc.

Buy now, pay later

Enjoy the benefits of paying by purchase order with a GRCI Law corporate account. Apply online today or call our service centre team on +44 (0)333 900 5555.

Learn more

About us

We are a specialist consultancy firm offering a full suite of data protection and data privacy compliance solutions and associated non-reserved legal services. Our clients operate globally in a wide range of sectors including health and social care, education, professional services, retail, technology, media and telecoms.

We are market leaders in terms of depth and breadth of experience. Our team of lawyers and DPOs (data protection officers) have decades of experience and sector-specific knowledge between them.

We offer legal risk and compliance consultancy advice that you can trust, but without the burden of administrative duties and expenses that law firms must bear to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.

Your Team

Natalie Whitney – Head of Contract and Legal Services

Natalie is a member of our senior management team and is an expert in business risk management. She is a qualified commercial, contracts and data protection lawyer with more than 25 years of international experience. At GRCI Law, she advises clients on a wide range of data privacy issues including multi-jurisdictional issues, due diligence for acquisitions, and legal compliance issues relating to marketing, CRM systems, HR, supplier agreements, cross-border data transfers and SCCs. Her previous experience includes advising on commercial contracts and policies, risk, data protection, competition law and intellectual property. She has advised UK councils, UK government departments and several multinational organisations.


Kirsten Craig - Data Privacy Lawyer

Kirsten is a solicitor with more than 20 years’ experience working both in-house and in private practice, and is a specialist in data privacy. Her experience includes working as senior data privacy counsel for the European arm of a global health insurance provider and as compliance counsel within regulated industries, including for Scotland’s largest social housing provider and a leading Scottish alcoholic beverages manufacturer. She has designed and implemented European data protection policies, procedures, and strategy, been responsible for data privacy management and monitoring, and created and implemented global data protection and information management strategies, including working on projects for Asia, the Middle East, Canada and the US. Kirsten also has extensive professional experience in private practice and is a fluent German speaker.


Loredana Tassone – Managing Consultant, Head of EU & UK Representative Service

Loredana oversees operations, service delivery, and management and development of the consultant team. She has more than 15 years’ experience in the fields of privacy rights, data protection and cyber security in both the private and public sectors. She is a specialist in international and European law, and a qualified attorney at law in France and Italy. Based in Brussels, she advises GRCI Law clients on a wide range of data privacy issues. She is a certified GDPR consultant, DPO and trainer, and has worked at the European Court of Human Rights, at the Directorate General of Human Rights and Legal Affairs of the Council of Europe, and for international law firms in the EU.

Find out more

Speak to an expert

If you have any queries or you’re unsure of how to progress, please get in touch with our team of experts, who will be able to assist with your enquiry and provide guidance options.

Enquire today