Data protection for retail

As a retailer, you are likely to hold and use a wide variety of personal information, from the people you employ through to your customers.

The UK General Data Protection Regulation (GDPR) revolutionised the way we manage data. Organisations breaching the GDPR face penalties of up to €20 million or 4% of global turnover, whichever is higher.

Our specialist lawyers are here to advise and assist you with your strategic approach to handling data within your organisation. We have considerable knowledge and experience advising on the day-to-day use of data within your business, as well as privacy issues associated with behavioural advertising and location information, browser-generated information and device recognition technologies.

What we do

  • Retail sector experience – we have been advising retail clients for over 30 years, and have an established retail and commercial practice, advising a wide range of household names, both nationally and internationally. Our retail client base of over 180 retailers includes many luxury brands and high street names, with portfolios of over 3,000 properties.
  • Developments in privacy laws and guidance - we regularly advise clients on the implications of developments in privacy laws and guidance. We understand how the GDPR impacts UK businesses and can help make it clear how to comply and remain compliant in a cost-effective way.
  • Draft and review of contracts – we support our clients in drafting and reviewing contracts, licensing agreements, service agreements, privacy notices, and other policies and procedures to help ensure compliance with European data protection rules. We advise on compliant website privacy notices, website terms and conditions and cookies policies.
  • Data protection issues associated with marketing activities – we help our clients deliver compliant marketing activities such as obtaining consent for marketing communications, the use of suppression lists and the purchase and sale of marketing databases.
  • Supporting data breach management - we provide legal support to clients at all stages, including preparation and prevention, training, crisis management and resolution and recovery. We have strong connections with third parties who can provide specialist non-legal support, for example, threat intelligence, IT security specialists, ethical hackers/penetration testers, public relations and credit monitoring. We can manage the process to ensure a coordinated approach protected by legal privilege. We offer a range of services advising companies on their internal approach to data protection and privacy and data breaches.
  • Responding to and undertaking law enforcement requests for access to personal data - we advise clients on managing requests for information from a wide range of UK and overseas law enforcement bodies. In the UK, we have advised clients on complying with mandatory and discretionary requests, always mindful of the risks arising from the Freedom of Information Act. We have, working with overseas counsel, advised clients on their obligations to comply with non-UK authorities.
  • Responding to and undertaking subject access requests (SARs) - we regularly receive instructions to advise on SARs. Clients appreciate our strategic guidance about how to respond and whether to resist, for example, by relying on case law and the application of exemptions. We have a wealth of experience in dealing with and successfully defending our position with the ICO. We can also call on a team of paralegal and junior fee earners to assist with the disclosure process.
  • Training and updates - we offer bespoke on-site training for clients in a range of sectors on data protection and cybersecurity issues. Our wider programme of training and legal updates also enables you to stay informed on developments in privacy laws and guidance.
  • Transfer of data outside the European Economic Area - we have both the experience and the relationships to enable us to upscale resources to support clients with privacy advice in their overseas jurisdictions. This includes advising on the use of Safe Harbor certification and the use of model clauses and binding corporate rules.
  • Development of new technology - we have worked on cutting edge technologies to capture, analyse and learn from data with the likes of Experian and Capital One.

Featured experience

FTSE retailer: major enterprise cloud hosting

Advising a FTSE retailer on the data protection implications of a major enterprise cloud hosting deal and advising on the data protection implications of numerous different technologies including cloud systems, apps, financial technologies, CRM systems etc.

Global brand: hacking of customer database

Advising a global brand on cyber security following the hacking of its customer database. The advice covered compliance with UK, Irish and German data protection laws, engagement with regulators and law enforcement agencies, reputation management, communications with affected individuals and legal proceedings against its service provider.

Games Workshop: data protection and privacy

Advising Games Workshop on a number of data protection and privacy issues, including the implications of introducing CCTV into its stores worldwide, whether Games Workshop’s international stores can carry out criminal record checks on employees in those countries, and any relevant considerations in respect of this.

Experian: data flows, data maps and international data transfers

Working with Experian to understand its data flows, data maps and international data transfers. 
