Data, privacy and cybersecurity

Our highly collaborative data, privacy and cybersecurity group delivers commercial, time-sensitive, sector-focused, actionable advice to protect your data, optimise value and mitigate risk.

Together with our partner network, we advise clients on both local and international laws, whether in the UK, Ireland, EU, US, Canada, the Nordics, South Africa, EMEA and beyond.

Whether you wish to navigate the complexities of data privacy laws, develop a new product, respond to a cyberattack, assert information rights, formulate data governance or manage artificial intelligence deployment risk, our team can act as a natural extension of your team.

We act for clients ranging from scaling businesses to multinationals, in financial services, public sector, health, life sciences, retail, industrial, manufacturing, technology, education, energy and infrastructure. Our dedicated, specialist team operates at the intersection of law and emerging technologies, advising on regulatory frameworks that shape how data is collected, processed, shared, protected and disclosed; and providing you distilled, actionable advice as part of product counselling and effective data strategy.

Data is the bedrock of artificial intelligence and intersects with employment, commercial contracts, intellectual property, sector-specific and regulatory compliance, financial services regulation, competition law, disputes and investigations and corporate transactions. That is why our lawyers work as a truly integrated team. Our practice spans four core areas:

Data protection and privacy: Compliance programmes, data protection and privacy advisory, data transfers, AI and data governance, data sharing arrangements, marketing and adtech compliance, subject access requests, online safety and digital regulatory investigations and enforcement.
Cybersecurity: Incident preparedness, ‘follow the sun’ breach response, cyber and information security compliance, ransomware and cyber-attack, incident management, regulatory notifications and post-incident remedial work and litigation.
Information law: Freedom of information, access to information on the environment, official secrecy, public authority and the corresponding public (and private) sector obligations and information rights management and litigation.
Data as an asset: Advising organisations on commercial data strategy to protect and optimise value from their data assets.

Whether you need immediate assistance with a data breach, strategic advice on a compliance programme, or specialist support with an information rights matter, our team is ready to help.

UK government agency

Advising on its passenger data privacy policies and database management for various franchises, as well as advising both public and private sector bodies on freedom of information act requests and balancing assessment.

Leading insurance company

Advising on a wholesale market review of its data licences and devising a solution to consolidate its licensing strategy for exploiting financial market data and mitigating IP infringement litigation risk.

Leading professional services firms

Avising on data compliance aspects of their operations, including strategic advice in the context of M+A activity, as well as operational data privacy and AI governance advice.

A global airline

Advising on its negotiations with a leading international ticketing and GDS seat reservations supplier and providing a legal opinion on associated risks.