Information law for the public sector

From data protection to your policy on smartwatches

We provide advice and assistance to clients in the public and third sectors on all aspects of the law relating to gathering, holding, processing, securing, using and providing access to information.

In the course of its operation, your organisation will gather a substantial amount of personal data relating to suppliers, customers, employees and others with whom it interacts. In doing so, your organisation must comply with the requirements of the legislation which applies to all personal data that you hold in electronic form and (depending on your sector) selected highly structured paper records.

From 25 May 2018, the General Data Protection Regulation (the GDPR) will come into force. The new UK Data Protection Bill will transpose the GDPR and replace the Data Protection Act 1998. Under the legislation the definition of “public authorities” is defined with reference to the organisations that are subject to the terms of the Freedom of Information (Scotland) Act 2002. Anyone falling under this definition should be aware of their additional obligations under the GDPR. The new rules will have an impact on the way in which organisations manage and process any information relating to identifiable or identified individuals.

Those operating in the Public Sector process personal data as part of their statutory functions and day-to-day activities in relation to - for example, employees, constituents, service users, etc - and they will need to take steps to comply with the GDPR before it comes into force.

Our team can help you to comply with the regulations surrounding data to ensure you follow legal requirements and best practice. We can also assist in the event of an investigation by the Information Commissioner’s Office (ICO).

If you are a public authority subject to the the Freedom of Information (Scotland) Act 2002 (FOISA) and the Environmental Information (Scotland) Regulations 2004 (EIRs), we can advise you on handling requests for information, including application of the exemptions, and undertaking reviews.

Information Law is a broad and dynamic area of law covering everything from GDPR and Freedom of Information to cybercrime. Our team can help you to comply with the regulations surrounding data to ensure you follow legal requirements and best practice

Key contacts - get in touch

Why choose us?

Backed by the strength of one of Scotland’s leading law firms, we have in-depth understanding of the sectors in which you operate and can advise you accordingly from our offices in Glasgow, Edinburgh and Inverness.

We provide clear, practical and commercially focused advice, entrenched in a deep understanding of your organisational needs, ensuring that you not only comply with the law but are able to deal with any practical and regulatory issues which arise. 


Our services

We can provide you with help and guidance on the following areas of information law:

  • BYOD (bring your own device)
  • CCTV
  • Compliance audits
  • GDPR, FOISA and EIR compliance requirements
  • GDPR and FOISA policies and procedures, including EIR charging schedules
  • Data transfer agreements
  • Direct marketing
  • Data security
  • Data retention schedules
  • Entry into data sharing arrangements 
  • Information governance and records management
  • Interface between FOISA and GDPR
  • Mobile apps
  • Outsourcing and data transfer agreements
  • Privacy and cookie policies
  • Registration with the ICO
  • Requests for information and personal data
  • Social media
  • Staff monitoring
  • Staff training
  • Website compliance
  • Wearable technology

Work examples

Contact us

Call us for free on 0330 159 5555 or complete our online form below for legal advice or to arrange a call back.

Please don't provide anything sensitive here, like health details, or your credit card number

By completing this form you agree to Harper Macleod's Privacy Notice.

Meet the information law team