The legal protection attributed to personal data has, since the introduction of the EU General Data Protection Regulation (Regulation [EU] 2016/679) (GDPR) in 2018, been thrust into the limelight. The GDPR has tightened the obligations previously incumbent upon data controllers and data processors. In placing a newfound emphasis on accountability, it compels businesses, generally, to maintain an audit trail that records how they collect the personal data, what they do with such data, and for how long they retain that data. Inspiring accountability are the steep fines for privacy infringements which entities processing data now face; that is, a maximum of 20 million Euro or 4% of the relevant entity’s global turnover, whichever is greater.


City Legal provides assistance to both local and international clientele in the sphere data protection. Our services include:

  • the provision of ad hoc advice on individual aspects of the GDPR to each of data controllers, data processors or data subjects, as may be the case, to assist with ongoing compliance;
  • the formulation of individual data protection policies, including data retention policies, website privacy notices and employee privacy notices;
  • the carrying out of a complete audit (‘Gap Analysis’) on the client’s data handling activities in order to ensure that the entity gets in line with the GDPR’s requirements;
  • the provision of on-site training to staff on various aspects of the GDPR; and
  • assistance in the case of data protection-related disputes.