Search Mobile

collapse

already registered?

Please sign in with your existing account details.

Email address

Password

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

Forgotten your password?

collapseSign

Browne Jacobson home

Retail home

Services

Data protection

data protection

Fintech Contactless

As a retailer, you are likely to hold and use a wide variety of personal information, both from the people you employ through to your customers.

The General Data Protection Regulation (GDPR), which from May 2018 superseded the 1995 Data Protection Directive, revolutionised the way we manage data. Organisations breaching the GDPR face penalties of up to €20 million or 4% of global turnover, whichever is highest.

Our specialist lawyers are here to advise and assist you with your strategic approach to handling data within your organisation. We have considerable knowledge and experience advising on the day-to-day use of data within your business, as well as privacy issues associated with behavioural advertising and location information, browser-generated information and device recognition technologies.

Protect your business and train your team on data protection - take a look at our fixed price product.

This 40 second video explains why you should take advantage of our training product and train your teams on the principles of data protection to help you minimise the risk of handling data.

what we do...

Retail sector experience – We have been advising retail clients for over 30 years, and have an established retail and commercial practice, advising a wide range of household names, both nationally and internationally. Our retail client base of over 180 retailers includes many luxury brands and high street names, with portfolios of over 3,000 properties.
Developments in privacy laws and guidance - We regularly advise clients on the implications of developments in privacy laws and guidance. We understand how the GDPR impacts UK businesses and can help make it clear how to comply and remain compliant in a cost-effective way.
Draft and review of contracts – We support our clients in drafting and reviewing contracts, licensing agreements, service agreements, privacy notices, and other policies and procedures to help ensure compliance with European data protection rules. We advise on complaint website privacy notices, website terms and conditions and cookies policies.
Data protection issues associated with marketing activities – We help our clients deliver compliant marketing activities such as obtaining consent for marketing communications, the use of suppression lists and the purchase and sale of marketing databases.
Supporting data breach management - We provide legal support to clients at all stages, including: preparation and prevention, training, crisis management and resolution and recovery. We have strong connections with third parties who can provide specialist non-legal support, for example, threat intelligence, IT security specialists, ethical hackers/penetration testers, public relations and credit monitoring. We can manage the process to ensure a coordinated approach protected by legal privilege. we offer a range of service advising companies on their internal approach to data protection and privacy and data breach.

Responding to and undertaking law enforcement requests for access to personal data - We advise clients on managing requests for information from a wide range of law enforcement bodies located in the UK and overseas. In the UK, we have advised clients on complying with mandatory and discretionary requests. In doing so, we are always mindful of the risks arising from the Freedom of Information Act. We have, working with overseas counsel, advised clients on their obligations to comply with non-UK authorities.
Responding to and undertaking subject access requests (SARs) - We regularly receive instructions to advise on SARs. Clients appreciate our strategic guidance about how to respond and whether to resist, for example, by relying on case law and the application of exemptions. We have a wealth of experience in dealing with and successfully defending our position with the ICO. We can also call on a team of paralegal and junior fee earners to assist with the disclosure process.
Training and updates - We offer bespoke on-site training for clients in a range of sectors on data protection and cybersecurity issues. Our wider programme of training and legal updates also enables you to stay informed on developments in privacy laws and guidance.
Transfer of data outside the European Economic Area - we have both the experience and the relationships to enable us to upscale resources to support clients with privacy advice in its overseas jurisdictions. This includes advising on the use of Safe Harbor certification and the use of model clauses and binding corporate rules.
Development of new technology - we have worked on cutting edge technologies to capture, analyse and learn from data with the likes of Experian and Capital One.

related resources

Future of retail - hear from James Reid, EMEA IT Director at Deckers Brands

James Reid of Deckers Brands joins a panel of experts to give a retail perspective on the usage of data, looking particularly at how retailers should keep their data current and relevant in order to enhance the experiences of tomorrow.

View

Future of retail - hear from Dan Klein, Valtech’s Chief Data Officer

Dan Klein of Valtech joins a panel of experts to explore how retailers are using data to deliver a personalised customer experience that has anonymity.

View

Future of retail - hear from data protection expert, Mark Gleeson

Mark Gleeson joins a panel of retail experts to give his perspective on the opportunities that the EU GDPR will present, and how retailers will use data in the future to understand and interact with their customers.

View

Future of retail - hear what our experts and guests had to say

Hear from retail law expert Caroline Green and guests from a whole host of different retailers, including LVMH, YOOX Net-A-Porter and Cox London, for an insight into our joint event with Valtech. We came together with industry experts to explore what the future holds for retail, with guest speaker Sophie Hackford taking us on a whistle-stop tour of some mind-blowing ideas on the customer experiences of tomorrow. Our expert panel then went on to look at the foundations organisations need to lay now to enable a brighter future, with a particular focus on data.

View

View all

what our clients say....

recent experience

Advising a FTSE retailer on the data protection implications of a major enterprise cloud hosting deal and advising on the data protection implications of numerous different technologies including cloud systems, apps, financial technologies, CRM systems etc.
Advising a global brand on cyber security following the hacking of its customer database. The advice covered compliance with UK, Irish and German data protection laws, engagement with regulators and law enforcement agencies, reputation management, communications with affected individuals and legal proceedings against its service provider.
Advising a UK retailer on data privacy and PCI-DSS compliance following a breach of security in its online payments platform. The advice included breach management support, regulatory advice and pursuing a third party service provider for breach of contract.
Advising a US on-line retailer on managing a data breach affecting consumers in multi-jurisdictions. This included advising on notification requirements breach notification requirements in multiple US states and jurisdictions across the globe following a breach of its online payment platform.
Advising Games Workshop in relation to a number of data protection and privacy issues including the implications of introducing CCTV into its stores worldwide and whether it is possible for Games Workshop’s International stores to carry out criminal record checks on employees in those countries and any relevant considerations in respect of that.
Advising Royal Mail Group on its data strategy including the use of Big Data and data monetisation.
Advising Sainsbury’s Supermarkets Limited on the operation of the Nectar loyalty scheme. The advice including data monetization, data sharing, direct marketing, the use of analytics and location data.
Advising Thorntons on a new ERP and CRM system, including the negotiation of agreements to improve Thornton’s position. We’ve also advised Thorntons on matters such as the creation of a website aimed at customisation and advised on all of the “back office” issues around that website and its integration with the CRM and ERP systems (which were from another provider).
Assisting a trade body to understand the impact of the GDPR on its industry.
Auditing an online retailer, headquartered in the US, following a breach of the security of its payment system. The breach impacted customers located in Europe, Asia-Pacific, North and South America.
Drafting a practical guide to the GDPR and its implications to the advertising industry for the Institute of Practitioners in Advertising for distribution to its membership.
Undertaking a data protection audit of an international parcel delivery business.
We advised Louis Vuitton on the data protection aspects of the creation and roll out of a paper and electronic customer information card (CIC). The CIC is to be used in various LVMH stores worldwide.
Working with Experian to understand its data flows, data maps and international data transfers.
Working with startups on new data driven products including crypto currencies.