bto solicitors - Corporate & Commercial Business Lawyers Glasgow Edinburgh Scotland

  • "really fights your corner..."
    "really fights your corner..." Chambers UK
  • "Consistently high-quality work and client-friendly approach."
    "Consistently high-quality work and client-friendly approach." Chambers UK

Data Protection


For the latest on Data Protection visit our Blog


"They are really useful, helpful and responsive. They always understand our position in order to give advice to our organisation. I'm delighted with them."
 (Chambers UK)

The handling of personal information in accordance with the Data Protection Act 2018 (DPA) is a minefield. In May 2018 the General Data Protection Regulation (GDPR) came into direct effect throughout the EU and, Brexit or not, any organisation processing the personal data of an EU citizen will have to comply with stricter conditions set out there.

Any personal information held in digital or paper format is protected by the DPA and if it is lost, misused or shared inappropriately it is likely that the DPA has been breached and since April 2010 the Information Commissioners Office (ICO) has had the power to issue substantial fines to organisations who do not process data in compliance with the DPA. The ICO has used its powers to impose significant fines of up to £500,000 on public bodies, non-profit making organisations, individuals and private companies. The ICO now has power to impose substantially higher fines of up to 20,000,000 euros.

In addition, it has become easier for individuals to claim compensation under the DPA if personal data is lost, misused or shared inappropriately resulting in pecuniary loss or distress.

BTO’s Data Protection Team is the only team of lawyers in the UK who have experience of successfully challenging a fine imposed by the ICO for a breach of the DPA. Therefore, its lawyers speak with authority on how best to handle a data breach, how best to handle the ICO and how best to handle all forms of personal data.

The team also provides compliance advice and training  in relation to the DPA; the eight processing principles and how to avoid coming into contact with the ICO. In Scotland, BTO’s team is unique and at the forefront of providing DPA advice.

The team provides strategic advice in relation to information requests from data subjects, the police and other regulators and under freedom of information legislation; in particular, handling the tricky situations where this legislation overlaps.


What we do:

  • Strategic advice and options to management when a potential data protection issue emerges
  • Drafting and redrafting of DP policies and procedures
  • DPA Compliance Training
  • Advice on data sharing, data retention and subject access requests, including the new Privacy Shield
  • Keeping your marketing within the law
  • CCTV and surveillance compliance
  • How to handle ICO investigations and appeals to the Information Tribunal
  • How to handle information requests
  • Making Subject Access Requests (Individuals)
  • Managing Subject Access Requests (Organisations)


Motion __paul _crop

Paul Motion, Partner and Solicitor Advocate is an accredited specialist in freedom of information and data protection law. He was already specialising in technology law several years before the Data Protection Act 1998 or Freedom of Information Acts came into force. He chaired the Law Society of Scotland’s Technology Committee for sixteen years from May 2000, pre-dating (and observing and commenting upon) the introduction of virtually all modern E-commerce and privacy related legislation such as the DPA and FOI. Paul is also “on his feet” in court regularly since he is a highly experienced civil Solicitor Advocate.

A recognised expert in Data Protection and contentious IT/IP law, Paul has run many ground breaking cases, notably the only successful appeal to date anywhere in the UK against a DPA penalty imposed following a DPA breach. Paul and team were acting on behalf of Scottish Borders Council, against a £250,000 Data Protection Monetary Penalty.  In 2012 following a case involving fake online reviews Paul set up the BTO Online Reputation Team which has attracted referral work from other solicitors. Paul also drafts and advises on the content of data protection and privacy policies

Lynn Richmond

Lynn Richmond is a Partner in Data Protection, Commercial Dispute Resolution; and Intellectual Property and Technology. Lynn is accredited by the Law Society of Scotland as a Specialist in Intellectual Property. She is also WS Accredited in Commercial Litigation and is described by her clients as a versatile and able civil litigator with strong advocacy, negotiating and drafting skills. Her experience covers a variety of legal areas, including intellectual property, technology, data protection, freedom of information and general commercial litigation.

As part of BTO’s Data Protection Team, Lynn advises on data protection compliance, data breaches, claims and subject rights and advises on freedom of information matters for a variety of businesses and organisations in many sectors.

To discuss your data control/protection issues, please contact Paul Motion or Lynn Richmond on T: 0131 222 2939 E:


  • Subject Access Requests

Dealing with complex SAR from ex-employee who asked for a huge amount of detailed information through the use of a forensic IT consultant and significant redaction of documentation. 

  • ICO Notification

Providing advice to a client about how to notify the ICO about a data incident, successfully avoiding enforcement action from the ICO, twice. 

  • Housing Associations

Advising housing association about how to manage their employees being recorded covertly by service users’ families.

  • Named Person in schools and Data Protection Act 1998

Providing compliance advice on the provision of the Named Person in schools and the Data Protection Act 1998. 

  • CCTV and surveillance compliance

Assisting with the review of data protection policies and procedures.

  • Data Protection Training

Providing training for: Audit Scotland; Fife Council; SHARE; South Lanarkshire Council; Aberdeenshire Council; Grampian Health Board and George Watson's College.



  • "We could not have asked for better legal advisers."

    BTO Client
  • "They are really useful, helpful and responsive. They always understand our position in order to give advice to our organisation. I'm delighted with them."

    BTO Client

Do you need a Data Protection Officer (DPO)?

If so, Really Good Data Protection (RGDP LLP) provides DPO services to businesses and organisations that choose to outsource all or some of their data protection requirements. Working in close association with our data protection team in BTO Solicitors, RGDP provides a high quality and cost effective DPO solution to the demands of DPA 2018 and GDPR. If you need a DPO, we would urge you to consider outsourcing and strongly recommend that you contact Mark Chynoweth, the General Manager of RGDP, for more information:

M: 07741 738842



The Data Protection Team regularly provides training in relation to data protection, the new Regulation and information law. This is always tailored to the audience we are talking to and to the sector that our audience comes from. Training is fundamental to compliance with the Data Protection Act 2018. See our Compliance Training page for further info or speak to a member of the team on about how we can assist you to comply.

Recent feedback:

A number of the delegates who have attended BTO’s courses have commented specifically on the team's knowledge of DP, the manner in which they put it across (in a non-lawyer fashion) and their friendly and outgoing personality. What became apparent following the courses was that delegates were reciting examples BTO had delivered at the training, giving us confirmation that they not only understood the training, but were able to remember and demonstrate what they had learned.

Contact: T: 0131 222 2939 E:

“The level of service has always been excellent, with properly experienced solicitors dealing with appropriate cases" Legal 500

Contact BTO


  • 48 St. Vincent Street
  • Glasgow
  • G2 5HS
  • T:+44 (0)141 221 8012
  • F:+44 (0)141 221 7803


  • One Edinburgh Quay
  • Edinburgh
  • EH3 9QG
  • T:+44 (0)131 222 2939
  • F:+44 (0)131 222 2949