About Us

GRCI Law Ltd is a subsidiary of GRC International Group plc.

GRCI Law is a legal, risk and compliance consultancy firm, advising clients in the fields of data protection, data privacy, cyber and information security law. We are at the forefront of developments in this constantly evolving, challenging and complex field.

Led by our team of experienced DPOs (data protection officers), lawyers, barristers, and information and cyber security experts, we provide DPO, breach, data privacy management, and data subject access request support, and associated non-reserved legal services. The GRCI Law team speaks several languages, including Spanish, French, German, Italian, and Greek.

Want to know more?

Download our brochure to find out about the services we offer our clients >>

Not a traditional law firm

We offer legal risk and compliance consultancy advice that you can trust, but without the burden of administrative duties and expenses that law firms must bear in order to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.

Because we don’t provide these reserved legal activities, we can offer you more cost-effective legal advice.

Faster, more cost-effective and no conflicts of interest 

We provide the independent support and services that traditional law firms cannot – either because they lack the necessary resources or because doing so would create a conflict of interest.

For example, the GDPR stipulates that although the DPO may fulfil other tasks and duties, doing so must not result in a conflict of interest.

Regulated solicitors therefore often can’t act for their clients as both DPO and lawyer. Outsourcing the DPO function to GRCI Law removes that conflict, enabling clients to continue to instruct their solicitors for legal advice on the ‘reserved legal activities’.

Indeed, for most firms, it is more cost-effective to use our services than incur additional liabilities and risks by providing these services themselves.

All the GDPR support you need

  • Clients often struggle to manage their own GDPR compliance programmes. Our GDPR Data Privacy Manager Service can help.
  • Reviewing contracts to ensure they are aligned with the law is a challenge for anyone without a legal background. Our Legal & Contracts Service can help.
  • The GDPR has created a huge demand for appropriately experienced and knowledgeable DPOs – official guidance recommends four to five years’ experience – that far outstrips supply. Our DPO as a Service (DPOaaS) can help.
  • When data breaches occur, time is of the essence. To meet the GDPR’s 72-hour personal data breach reporting requirement, you need to respond appropriately and effectively. Our GDPR Breach Support Service can help.

GRCI Law has the required knowledge and experience to help in these situations. We are qualified lawyers, and cyber and information security and data protection practitioners with years of experience.

Because we aren’t a traditional law firm, we don’t have to deal with the additional red tape and regulation that they do, so we can help you more quickly and at a better price.

Although part of GRC International Group, GRCI Law is a wholly independent company with its own management structure and staff. This means we can provide our services entirely independently of our other group companies.

The benefit is that any remediation work we recommend can be carried out by IT Governance consultants without fear of any conflict of interest arising. We are able to independently review that work and conduct an internal audit to provide independent assurance that a client’s risk management, governance and internal control processes are operating effectively.  

Contact us

For more information about our services and what we can do to help you, call us on +44 (0)333 900 5555 or email grcilaw@griclaw.com.