The GDPR is a far-reaching data privacy and security regulation which covers a wide range of areas related to the processing of personal data. Personal data covers information such as names, addresses and locations, email addresses, ethnicity, gender, biometric data, religious beliefs, political opinions and even pseudonymous online identifiers.

Since it came into force in 2018 is has become a key issue for organisations. Due to its wide-reaching nature, the interpretation and application of the GDPR can be difficult to understand without expert advice. Chambers is well suited to advising clients on a range of areas from GDPR compliance for new organisational policies through to cyber attacks and the loss of personal/sensitive data.

Read more

The nature of our police expertise makes our barrister particularly well-suited to advising clients on the most sensitive matters arising from the GDPR including the application of the seven protection and accountability principles:

  • Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the data subject.
  • Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
  • Data minimisation — You should collect and process only as much data as absolutely necessary for the purposes specified.
  • Accuracy — You must keep personal data accurate and up to date.
  • Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
  • Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
  • Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

Common issues that can arise in the GDPR context include: 

  • Disclosure (and injunctions to prevent disclosure)
  • Advising on the rights of data subjects
  • Compliance of policies with the GDPR
  • Data breaches (and claims for data breaches)
  • The right to be forgotten or the right to erasure

Other areas of law with which intersect with GDPR work include: 

  • Police law (as the police often process highly sensitive data)
  • Human rights, namely the European Convention on Human Rights, especially article 8 (private life) and less frequently article 10 (freedom of expression)
  • Freedom of Information Act
  • Data protection including the Data Protection Acts
  • Discrimination including the Equality Act 2010.

Recent cases that involve the application of the GDPR include:

R. (on the application of Strain) v Chief Constable of Greater Manchester [2023] EWCA Civ 240: A judge had not erred in refusing an application for permission to seek judicial review of a decision by a police force not to delete an intelligence report from the applicant’s police records. The report was fair, adequate, relevant, accurate and up-to-date and there was not a sufficiently arguable case that, in processing the applicant’s data in the report, the police force had breached its GDPR duties under the Data Protection Act 2018.

Mueen-Uddin v Secretary of State for the Home Department [2022] EWCA Civ 1073 (under appeal): Claims for libel and data protection (including under the GDPR) arising from a Home Office report which referred, in a footnote, to the claimant having been found guilty of crimes against humanity had been rightly struck out as an abuse of process.

Clearcourse Partnership Acquireco Ltd v Jethwa [2022] EWHC 1199 (QB): An interim non-disclosure order case in which a screenshot of the office CCTV recording private discussions had been compiled and retained without the participants’ consent, contrary to the UK GDPR art.6.

In addition to advising clients, our team provides training in this area, including information sharing between public bodies and the impact of GDPR. Please contact our clerking team to find out more.

For more information please contact our clerks.

Call +44 (0) 20 7410 2000 or click here to email

GDPR Barristers

King's Counsel

Jason Beer KC

Call 1992 | Silk 2011

Fiona Barton KC

Call 1986 | Silk 2011

Anne Studd KC

Call 1988 | Silk 2012

Francesca Whitelaw KC

Call 2003 | Silk 2023

Charlotte Ventham KC

Call 2001 | Silk 2024

Juniors (10+ years)

Andrew Waters

Call 1987

Russell Fortt

Call 1999

Beatrice Collier

Call 2004

Mark Thomas

Call 2006

Georgina Wolfe

Call 2006

Jonathan Dixey

Call 2007

Emma Price

Call 2007

Saara Idelbi

Call 2008

Robert Cohen

Call 2009

Robert Talalay

Call 2010

Alex Ustych

Call 2010

Catriona Hodge

Call 2012

Aaron Moss

Call 2013

Juniors (under 10 years)

John Goss

Call 2015

Peter Laverack

Call 2015

Aimee Riese

Call 2016

David Messling

Call 2017

Jennifer Wright

Call 2018

Conor Monighan

Call 2019

Paige Jones

Call 2021

Jack Palmer

Call 2022

Latest News & Events

View all

Compiled by Aaron Moss and John Goss (January 2022) We are delighted to share the…

Discover more

 The seminar, GETTING UNDER THE SKIN OF THE GDPR: HOT TOPICS will be hosted by…

Discover more


Portfolio Builder

Select the practice areas that you would like to download or add to the portfolio

Download    Add to portfolio   
Title Type CV Email

Remove All


Click here to share this shortlist.
(It will expire after 30 days.)