GDPR, Privacy, and Data Protection

What is the GDPR?

Data protection rights in the UK are governed by the Data Protection Act 2018 and the wider GDPR (General Data Protection Regulation), which apply to any organisation holding personal data. Although the Regulation originates from the EU, it was adopted by the UK Government following Brexit and is now UK law.

GDPR covers information held by organisations concerning their employees, customers, clients, and individual suppliers and contractors.

Why is GDPR Important?

GDPR is important because it introduces new rights and obligations and a financial penalty regime for organisations that do not comply. It is essential that organisations that hold and process personal data relating to individuals are fully compliant with the principles set out in GDPR. In the UK, the supervisory authority is the Information Commissioner’s Office (ICO). The ICO has enforcement powers: it can impose reprimands, warnings, restrictions, orders for compliance and, ultimately, financial penalties. The maximum fine for non-compliance varies according to the nature of the breach, but is either the greater of 2% of the organisation’s annual turnover or €10 million, or the greater of 4% of turnover or €20 million. The scale of these financial penalties makes GDPR important for every organisation processing data.

Data Protection Principles

There are eight key principles. These are that personal data should:

  • be processed fairly and lawfully, and not otherwise;
  • be obtained only for one or more lawful purposes;
  • be adequate, relevant, and not excessive;
  • be accurate and up to date;
  • not be kept for longer than necessary;
  • be processed in accordance with the Act;
  • be subject to appropriate security measures to avoid loss, damage, and unauthorised disclosure; and
  • not be transferred outside the European Economic Area unless the destination country ensures equivalent protections.

Under GDPR, organisations are obliged to demonstrate compliance with the above principles.

Cameron Macaulay can assist you in complying with the Regulations by:

  • Providing privacy statements;
  • Drafting data protection and retention policies;
  • Creating processes for responding to data subject access requests and requests for the removal of personal data; and
  • Reviewing current contracts to ensure GDPR compliance.

Compensation Claims

Individuals can claim compensation from organisations that infringe their data protection rights, and we have successfully acted for clients in such claims.

Right To Be Forgotten

GDPR introduced the ‘right to be forgotten’, which gives individuals the right to ask an organisation to remove data held about them where it is no longer necessary or is being unlawfully processed.

Subject Access Requests

Individuals have a right to make a subject access request, which obliges an organisation to provide copies of all the data it holds in relation to that person. The organisation must comply within one month and free of charge.

For further information, please contact our GDPR lawyers on 0141 204 7844, at mail@cameronmacaulay.law or complete our online form.