Our business and work lives are busy and complicated. It can often feel stressful and, well, a bit messy.
When family and business overlap, managing family life and the dynamics of power and succession across generations can be complex and emotive – particularly when property ownership and overseas interests are involved.
Our expert teams remove the complexity, providing joined-up advice to ensure your business and personal affairs are in order – now and in the future.
The ambitions of our clients go far beyond our home jurisdictions of Scotland and the wider UK, and we support them wherever they do business around the world.
This guide is aimed at businesses who are looking to expand or invest into the UK.
Keep up to date with news and analysis of the latest legal developments, written by our experts.
The Home Office has made changes to the EUSS scheme that will impact pre-settled status holders.
Stay informed about the latest changes in your industry with webinars, conferences and in-person events delivered by our legal experts.
We are pleased to partner with the Scottish Wholesale Association to discuss DE&I in the workplace.
Stay on top of key topics and major regulatory changes that may impact you or your industry.
We are a full-service, independent Scottish law firm focused on employing and working with the best people to deliver a consistently high-quality service to clients.
Clients want the very best legal advice, and they get it from us. But they also want that advice delivered by people with their feet on the ground who understand the context in which their recommendations are being applied.
Proudly based in Scotland, we work with leading organisations across the UK and internationally.
Clients tell us they appreciate the breadth of our legal expertise, the depth of our talent and, crucially, the down-to-earth personality of our people.
It is our single most important point of difference – a human and high-performing culture that permeates all that we do.
The desire to constantly seek opportunities to improve the client experience and always find a ‘better way’ is deeply embedded in the DNA of Burness Paull.
Its roots lie in the energy and curiosity of our people and, as we’ve grown, we’ve supported that spirit with an enabling structure and process.
We believe that this, coupled with the human and high-performing partnerships we create with each other and our clients, is fundamental to our near and long-term success, both as a leading law firm and as a responsible employer.
Catch up on the latest updates and announcements from Burness Paull.
Burness Paull advised on the sale of the former Virgin Hotel in Glasgow, which completed on 23 December 2024.
At the heart of our firm are a talented group of individuals. Whether you’re a lawyer or a business services professional, we need more individuals who share what we believe in to help us take the next step.
We are always looking for people with different stories who share our ambition. We want people to be who they are, not who they think we want them to be.
Explore our current vacancies
If so, and you’re seeking colleagues who are high-achieving but human too, then you’ll be right at home here at Burness Paull.
We offer a range of law programmes, including work experience for high school students, summer placements for university students, and legal traineeships for law graduates looking to kickstart their career.
The right attitude and a healthy dose of ambition are essential for anyone looking to join us.
Just as important is personality. We’re looking for people who are attracted to our hard-working, team culture with a willingness to learn and develop.
Do you want to be part of a team that’s market leading, not only in Scotland but globally?
A NEW PERSPECTIVE
David Goodbrand -
Partner Head of Data Privacy
TECHNOLOGY & COMMERCIAL
+44 (0)131 357 4464
david.goodbrand@burnesspaull.com
At the start of the year, now is a great time for every organisation to audit and review their existing data and information compliance policies and practices. Alongside changes in the volume and nature of the data that organisations routinely process, there are ever-increasing values placed on, and risks associated with, such data. We would certainly recommend a more structured, balanced and holistic approach be taken when looking at data management, security and governance.
There are three main pillars that collectively form the backbone of good data protection compliance:
There has been a number of data related legislative changes and proposals in Europe and the UK in the last couple of years. The current focus in the UK is on the Data Protection and Digital Information Bill No.2 (DPDI), which it is anticipated will become law in mid-2024 (subject to any knock-on complications and delays that may be thrown up by the upcoming UK general election). Some of the highlights contained in the DPDI include:
The DPDI needs to be considered alongside the volume of other legislative developments in Europe, including the following:
The increasing number of data related legislative requirements and the potential inter-relationship (or conflict) between these in the UK, Europe and further afield will continue to raise novel and often complex compliance questions for many organisations. We will continue to monitor and update on these developments.
Artificial Intelligence (AI), and generative AI in particular, has received significant attention and focus in 2023. Many organisations are already embracing AI and the benefits that it has to offer, and will continue to bring. However, the associated legal, regulatory and security risks need to be considered and managed carefully too in order to ensure that a potential asset does not turn into a significant liability.
Whilst the UK ICO cautions about a potential decline in trust in AI throughout 2024, current indications show a rising adoption and reliance on these developing technologies. Organisations who are leveraging generative AI in the workplace may wish to take steps to mitigate the risks associated with it’s use, including:
The risk to an organisation’s data posed by cybersecurity risks is not showing any signs of easing and continues to top the list of key risks impacting all organisations. Cyber risk will continue to evolve in 2024, especially with the emergence of new and increasingly sophisticated threats associated with the use and adoption of AI and quantum computing.
Regulatory frameworks looking to address cybersecurity risks are evolving too, with the adoption in Europe of the Critical Entities Resilience (CER) Directive – with a focus on resilience and the NIS 2 Directive – which covers incident response. The UK is also looking to set out minimum security standards that consumer networks must comply with in the UK Product Security and Telecommunications (PSTI) Act 2022 which comes into force on 29 April 2024.
The risk of cyber events may result in regulatory scrutiny and investigation, and therefore ensuring you are prepared and have an appropriate plan to handle these instances is becoming critically important.
In October 2023 we saw the introduction of a new data bridge (the much-anticipated replacement to the Privacy Shield) between the UK-US, which is an extension of the new EU-US Data Privacy Framework (DPF), which was introduced in Summer 2023. This essentially allows UK and EU businesses to transfer personal data to certified US organisations. However, the likelihood of uptake of this mechanism remains in doubt as it seems fairly certain that the DPF will face a number of legal challenges in 2024. Therefore, we will have to see whether the DPF will remain an effective data transfer mechanism.
Separately, the EU-UK Adequacy Decision, which is a decision made by the European Commission that maintains the free flow of personal data between the EU to the UK, is set to be reviewed this year. The European Commission will start work later in 2024 to determine whether to extend the adequacy decision for another four years. The European Commission is likely to scrutinise the UK’s Data Protection and Digital Information Bill as part of this review.
At the end of 2023, the ICO issued guidance for organisations completing transfer risk assessments for transfers of personal data from the UK to the US. We also anticipate further guidance from the ICO regarding international transfers including detailed guidance on the International Data Transfer Agreement and the UK Addendum to the EU standard contractual clauses.
Lastly, ahead of 21 March 2024 deadline, we expect to see a focussed effort from a number of organisations to implement the new EU standard contractual clauses (SCCs) and the UK Addendum or the UK standalone international data transfer agreement. Organisations, still relying on the pre-GDPR SCCs to transfer personal data from the UK have until that date to transition to the new arrangements.
Central to all these themes and trends is trust. Businesses are operating in a trust economy and this brings both challenges and opportunities. You can read our recent paper with thoughts on the trust economy here.
2024 is already shaping up to be a really important and busy year for data driven businesses and organisations. Our Data Protection and Regulatory experts continually monitor developments in this area and would be delighted to arrange a call to see how we can help and support your organisation.
January is the optimal time for businesses to review risk registers against management plans and goals for the next 12 months.
2024 was another year in which UK businesses battled to combat cyber security threats, which continue to impact organisations of all sizes across all sectors.
The increased cyber risks around the Christmas and New Year period.
© Burness Paull
Burness Paull LLP is a limited liability partnership of lawyers registered in Scotland (SO300380). We are regulated by the Law Society of Scotland and authorised and regulated by the Solicitors Regulation Authority (838632).
