GRCI Law Ltd is a subsidiary of GRC International Group plc.
We are a legal risk and compliance consultancy that specialises in data protection and privacy law, including the DPA (Data Protection Act) 2018 and the EU’s GDPR (General Data Protection Regulation), cyber and information security, and legal and compliance advisory services – areas that many traditional law firms do not have the resources (or the interest) to address.
Led by our management team of experienced DPOs (data protection officers), lawyers, barristers, and information and cyber security experts, we provide DPO, breach, data privacy management, and data subject access request support, and associated non-reserved legal services. The GRCI Law team speaks several languages, including Spanish, French, German, Italian, Greek and Afrikaans.
We offer legal risk and compliance consultancy advice that you can trust, but without the burden of administrative duties and expenses that law firms must bear in order to carry out certain ‘reserved legal activities’, such as litigation, conveyancing and advocacy.
Because we don’t provide these reserved legal activities, we can offer you more cost-effective legal advice.
We provide the independent support and services that traditional law firms cannot – either because they lack the necessary resources or because doing so would create a conflict of interest.
For example, the GDPR stipulates that although the DPO may fulfil other tasks and duties, doing so must not result in a conflict of interest.
Regulated solicitors therefore often can’t act for their clients as both DPO and lawyer. Outsourcing the DPO function to GRCI Law removes that conflict, enabling clients to continue to instruct their solicitors for legal advice on the ‘reserved legal activities’.
Indeed, for most firms, it is more cost-effective to use our services than incur additional liabilities and risks by providing these services themselves.
GRCI Law has the required knowledge and experience to help in these situations. We are qualified lawyers, and cyber and information security and data protection practitioners with years of experience.
Because we aren’t a traditional law firm, we don’t have to deal with the additional red tape and regulation that they do, so we can help you more quickly and at a better price.
Although part of GRC International Group, GRCI Law is a wholly independent company with its own management structure and staff. This means we can provide our services entirely independently of our other group companies.
The benefit is that any remediation work we recommend can be carried out by IT Governance consultants without fear of any conflict of interest arising. We are able to independently review that work and conduct an internal audit to provide independent assurance that a client’s risk management, governance and internal control processes are operating effectively.