Privacy and
Data Protection Law

With qualifications in the UK and Canada and a pragmatic approach, Plain English Law helps you build compliance seamlessly into your business.

Privacy Documentation and Processes

Data Mapping

Typically the first step to compliance, we'll help you identify and record:

This information is used to create a record of personal data you use, such as required by GDPR Article 30.

Gap Analysis

Nobody's perfect. Most businesses have some data handling processes that don't comply with privacy laws.

A structured gap analysis can identify and close these compliance gaps.

This is most easily done along with data mapping. As we find issues, we help you develop solutions that work with your business, and create a record of the process.

Data Protection Impact Analysis

Some uses of personal data are risky and require a documented, formal data protection impact assessment (DPIA).

We can support you and your staff to:

Plain English privacy documentation

Most privacy laws require you to be transparent. You must tell people what data you have about them and what you are doing with it.

It's harder than it looks. Too much detail can make your privacy notice hard to understand. Customers don’t like that, and neither do privacy regulators.

Let us help you strike the right balance with plainly written, concise, legally compliant privacy notices.

Data breach response

Mistakes happen. Defences can be breached.

What do you do if personal data is stolen or leaked? Your response to the breach can be just as important as preventing it in the first place. And you'll have little time to weigh your options.

We can help you to:

Data subject rights

Most data protection laws, including GDPR and PIPEDA, give individuals a series of rights:

Responding to a data subject can be complicated. Deadlines are tight, and your response must respect the legal rights of others. Increasingly, employees request to access information about dismissals and redundancy processes.

We can help you to:

DPO as a Service

The GDPR requires some organisations to appoint a Data Protection Officer (DPO). Others may choose to appoint one without being required.

The DPO is an independent advisor reporting to the highest levels of management. DPOs monitor compliance and advise on privacy operations, such as DPIAs and maintaining records of processing activities. They also liaise directly with the data protection supervisor, such as the UK's Information Commissioner, on privacy matters and mandatory consultations.

The GDPR requires all DPOs to have expert knowledge of data protection law and practice. Plain English Law can provide an expert DPO, qualified as both a solicitor and as a IAPP-accredited CIPP/E (Certified Information Privacy Professional/Europe).

UK Data Protection Representative

Some companies outside the UK need to comply with the UK’s GDPR. That can include appointing a UK-based GDPR Representative if you have no "establishment" in the UK.

Wherever you are in the world, you must comply with the UK GDPR to:

If you have no "establishment" in the UK, then to comply with the UK GDPR you must appoint a GDPR representative in the UK. This applies to both controllers and processors anywhere outside the UK (including in the EU after Brexit).

The UK Representative has a more limited role than a DPO. A representative is the first point of contact for UK data subjects and the Information Commissioner’s Office.

Starting from £240 per year (plus a start-up fee of £100) plus VAT or GST/HST, with our UK Representative service:

We can also do the following as needed for additional fees:

Need Help in Plain English?

Contact us today by sending a message, booking a 30-minute initial consultation at no charge or requesting a call back.

Our approach

First, do business. Then worry about the legals. Plain English Law gives practical, commercially smart legal advice and produces documents in everyday language.

Fixed-fee and Hourly

Where possible, we prefer to quote fixed fees to reflect the value you receive instead of the time we put in. If this isn’t practical, we bill at an hourly rate and give you our best estimate of the expected costs.

Virtual Counsel

Perfect for larger projects, providing surge capacity for an existing in-house legal team, or helping smaller businesses that have a steady flow of legal work. Our month-to-month Virtual Counsel plans are excellent value. Strike your own balance of price and flexibility:

  • Lower hourly rates, with day rates available.
  • No increases to your headcount.
  • No long-term commitment required.


We provide legal support to small and medium-sized businesses in Scotland, the rest of the UK, and Canada.


Based in Dundee, Plain English Law serves businesses throughout Scotland.

United Kingdom

Costs in Dundee are much lower than in London and the South East. Or in Manchester, Leeds, or Edinburgh, for that matter.

With qualifications in England & Wales and Scotland, we offer great value to businesses across most of the UK.


Founded by Trevor Fenton, a Canadian-trained lawyer, Plain English Law:

  • Advises clients on both sides of the Atlantic on Canadian business and privacy law.
  • Acts as the UK GDPR Representative for overseas companies.

Our affiliations

Need Help in Plain English?

Contact us today by sending a message, booking a 30-minute initial consultation at no charge or requesting a call back.

Back to top