Data protection and privacy
Practical, authoritative advice both local and international data protection and privacy frameworks as well as open (or smart) data laws, wherever your business operates.
Our data, privacy and cybersecurity group helps organisations of all sizes and sectors understand their obligations, build robust compliance frameworks, and respond effectively when challenges arise. We combine deep legal expertise with a practical, business-first approach, because compliance must be workable, not just technically correct.
How we can support you:
- Reactive support: Where you are in the midst of a breach, a subject access request, a regulatory investigation or a crisis. We provide rapid response; and aim to leave you better informed and more prepared next time round. In short, we fight fires but also help build organisational resilience.
- Proactive compliance and risk management: We support the fundamentals of effective data governance: whether that be assisting in records of processing activities (ROPAs), data privacy and AI impact or risk assessments, crafting data sharing and international data transfer agreements, policies, process and managing data retention or AI deployment.
- Strategic and ambitious: We can help you protect, optimise and enable your data assets for strategic commercial advantage and unlock the value of data for shareholders, partners and their respective communities (whether in public or private sectors).
Whether you are building a compliance programme from scratch, dealing with a regulatory enquiry or navigating the complexities of international data transfers, our team is here to help. We work with clients across the UK, Ireland and internationally, from single-jurisdiction engagements to complex global programmes.
"They have excellent visibility in the market, with useful contacts and vast experience of working within our sector. They have also responded quickly to every request we have made."
Featured experience
Data centre operator
Global technology provider
Advised on developing its data licensing model for licensing data to train its AI/machine learning model.
Financial services provider
Preparing a series of AI regulation and data privacy compliance and, separately related cybersecurity readiness training sessions for over 200+ staff.
Engineering business
Advised on devising a digital service transformation strategy to comply with EU AI and EU Data Acts, along with the UK Data (Use and Access) Act, as well as review licensing in derivative data and effective data governance and cybersecurity.
Key contacts
Philip James
Partner
Jeanne Kelly
Founding Partner
Richard Nicholas
Partner
Testimonials
"Great service and lovely people. Never made to feel that I should know something when I don't!"
"They have excellent visibility in the market, with useful contacts and vast experience of working within our sector. They have also responded quickly to every request we have made."
You may be interested in...
Podcast
#DigitalFrontiers podcast: AI, law and technology insights
Legal Update - Schools white paper
Schools white paper on AI and data: Insights for school leaders
Legal Update
Trust and cybersecurity in retail
Legal Update
AI and emerging legal challenges in construction
Guide
Strategic approaches to managing subject access requests: A guide for public sector organisations
Published Article
Blueprint for AI success in local government
Legal Update
AI, data and security: Key insights for in-house lawyers and business leaders
Legal Update
Cookie compliance crackdown: SHEIN fined €150 million by CNIL
Legal Update - IP insights
IP insights: September 2025
On-Demand
Data (Use and Access) Act 2025: What schools and academy trusts need to know
Published Article - Shared Insights
Reimagining the NHS: The 10-Year Health Plan and legal issues
Legal Update
Otter chaos: Legal considerations when using AI notetakers
Legal Update
Individual pricing, or there and back again: What UK businesses can learn from Delta’s AI pricing U-turn
Legal Update - IP insights
IP insights: July 2025
Legal Update
“Silent AI”: The risk of unintended consequences
Legal Update
Privacy implications of facial recognition technology (FRT) in retail security
Legal Update
New DfE AI guidance: A welcome start, but needs further development
On-Demand
Managing data risks effectively in M&A strategies and corporate transactions
Guide
Using AI for recruitment: The data issues
Legal Update
AI-driven legal access to information: DSARs, FOI requests, and the emerging landscape
Published Article
Anonymity injunctions for clinicians
Guide - Autonomous vehicles
Autonomous vehicles in the UK: Where are we now?
Legal Update - IP insights
IP insights: May 2025
Legal Update
Lessons from the 2025 cyber security breaches survey for higher education
Legal Update
AI in care: Navigating risk
Legal Update
Hyper-personalisation: Key considerations for organisations implementing AI solutions
Legal Update
US tariffs: Market chaos and implications for the UK tech sector
Legal Update - IP insights
IP insights: April 2025
Legal Update
Information Commissioner announces new AI guidance and package of measures to support the Government’s growth agenda
Published Article
Cloud Computing guide 2024
Legal Update - DMCC Act
Consumer Law enforcement: Hot topics harmful online choice architecture and dark patterns
Legal Update
Why digital marketers need to comply with cookie regulations to avoid their campaigns being disrupted
Legal Update
Mitigating the impact of school data breaches
Legal Update
AI adoption in schools: Meeting ICO expectations
Legal Update
Recent developments: Awards of non-material damages under the GDPR
Published Article
AI Opportunities Action Plan: How local authorities can lead the way
Legal Update
How should artificial intelligence be deployed in schools?
Press Release
Browne Jacobson’s School Leaders Survey illustrates how teachers are adopting AI in the classroom
Legal Update
EDPB guidelines: Processing personal data in the context of AI models
