Privacy Policy


The EU General Data Protection Regulation (GDPR) came into force on 25th of May 2018. The new Regulation aims to standardise data protection laws and processing across the EU, giving people greater rights to access and control their personal information.

Our commitment

Harrison Bryce Solicitors are committed to ensuring protection of all personal information that we hold, and to provide and to protect all such data. We recognise our obligations in updating and expanding this program to meet the requirements of GDPR. Harrison Bryce Solicitors are dedicated to safeguarding the personal information under our control and in maintaining a system that meets our obligations under the new regulations. Our practice is summarised below.

Data subject rights

The GDPR details rights  of access to both manual and electronic data for the data subject. This is known as a Data Subject Access Request (DSAR).

Under the GDPR, organisations are required to respond to subject access requests within one month. Failure to do so is a breach of the GDPR and could lead to a complaint being made to the Data Protection Regulator.

Requests must be made in  writing and should include the full name, date of birth and address of the person seeking access to their information.

To comply with the GDPR, information related to the individual must only be disclosed to them or someone with their written consent to receive it.

Under GDPR Articles 7(3), 12, 13, 15-22 data subjects have the following rights:

  • to be informed;
  • to access their own data;
  • to rectification;
  • to erasure (Right to be Forgotten)
  • to restriction of processing;
  • to be notified;
  • to data portability;
  • to object;
  • to object to automated decision making.

The fee Harrison Bryce charge may vary depending on how the records are held and how many times the request has been made. If Harrison Bryce receives a request that is manifestly unfounded or excessive, it will charge a reasonable fee taking into account the administrative costs of responding to the request. Alternatively, Harrison Bryce will be able to refuse to act on the request.

Before processing a request, the data subjects identity must be verified. Examples of suitable documentation include:

  • Valid Passport
  • Valid Driving Licence
  • Birth Certificate along with some other proof of address e.g. a named utility bill (no longer than 3 months old)


If an individual is dissatisfied with the way Harrison Bryce have dealt with their subject access request, they should be advised to invoke the Harrison Bryce complaints process. If they are still dissatisfied, they can complain to the Data Protection Regulator.

Information security and technical and organisational measures

Requests to view our organisations Data Security and/or Data Breach policy can be made by sending a request in writing.

GDPR Roles

Harrison Bryce Solicitors have designated Iram Anwar as our Appointed Person. If you have any questions about our GDPR compliance policies, please contact the Appointed Person.

Last reviewed 26th of July 2022