Image of someone working on servers

Data protection and privacy

The ability to use data effectively is often business critical and can add real benefit to your operations and ultimately your success as a business. Data assists you in making informed business decisions and the determination of strategic direction as well as product and service development and the enhancement of interactions with your stakeholders.

The regulatory landscape is complex and increasingly shaped by international legislation and protocols, combined with increasing public concern and scrutiny regarding the security of personal information and the ways in which it’s used. The costs and risks of mismanaging data are high; with high fines, compensation payments, reputational issues and even criminal penalties should things go wrong. We also have extensive experience advising on privacy issues associated with behavioural advertising and location information, browser-generated information and device recognition technologies. We act for global data companies in respect of privacy implications of their day-to-day operations and development of new technology.

What we do

  • Draft and review of contracts – we support our clients in drafting and reviewing contracts, licensing agreements, service agreements, privacy notices, and other policies and procedures to help ensure compliance with data protection rules.
  • Developments in privacy laws and guidance - we regularly advise clients on the implications of developments in privacy laws and guidance.
  • Supporting data breach management - we have extensive experience of providing legal support to clients at all stages, including: preparation and prevention, training, crisis management and resolution and recovery. We have strong connections with third parties who can provide specialist non-legal support, for example, threat intelligence, IT security specialists, public relations and credit monitoring. We can manage the process to ensure a coordinated approach protected by legal privilege.
  • Supporting privacy-related litigation - we advise clients who are bringing or defending civil actions for breach of data protection, breach of confidence and for misuse of private information. We defend clients under investigation for criminal offences related to unlawful use of personal information. We also support victims of data crime or those who have acted as witnesses in criminal investigations.
  • The UK General Data Protection Regulation (GDPR) - we understand how the GDPR impacts UK businesses and are working with clients to lead efforts on their GDPR and cyber-security compliance programmes.
  • Training and updates - we offer bespoke on-site training on data protection and cybersecurity issues. Our wider programme of training and legal updates also enables you to stay informed on developments in privacy laws and guidance.
  • Responding to and undertaking law enforcement requests for access to personal data - we advise on managing requests for information from a wide range of law enforcement bodies. We have advised clients on complying with mandatory and discretionary requests.
  • Data protection audit - we offer a range of auditing services advising organisations on their internal approach to data protection and privacy and data breach. We manage the registration and renewal process for notifications with the Information Commissioner’s Office.

Featured experience

A major insurance provider

Advising a major insurance provider in relation to: (i) an audit of its existing affinity partnership agreements and associated marketing arrangements and (ii) developing a new form of affinity partnership agreement and in-house practices to demonstrate enhanced compliance with data protection and regulatory requirements. The work is important to our client as it relates to a growth area of the business and potential new marketing channels.

A national public body

Advising a national public body on its policy in dealing with FOI requests. The client received confidential information alleging the misuse of public money and was concerned to ensure it was able to keep the identity of those providing such information confidential.

An international consulting business

Undertaking a global data privacy compliance audit for an international consulting business headquartered in the US, with employees in 40 countries and operations in over 100 countries - working to understand its data flows, data maps and international data transfers.

A leading international luxury retail brand

Advising a leading international luxury retail brand on the data protection aspects of the creation and rollout of a paper and electronic customer information card which will be used worldwide and is designed to capture shoppers’ personal data.

Testimonials

You may be interested in...