Data Protection & Privacy

Our solutions-based, experienced commercial team are dedicated to helping businesses with all their contractual, commercial and trading issues that they face. The team provides contentious and non-contentious advice and is recognised for providing support that goes beyond straight-forward legal services. Our clients include growing and established corporates and specialist internet and data-rich companies operating across a broad range of sectors including sport; telecommunications and technology; financial services; healthcare and pharmaceuticals; retail; insurance and energy.

We advise our clients at each stage of the data lifecycle: From the initial assessment and reduction of their privacy and security risks to ensure compliance with applicable laws, to the development of new products, services and marketing strategies. We are heavily embedded in the technology sector and regularly advise customers and suppliers on matters relating to information technology, data governance and protection, privacy and cybersecurity. This includes providing advice in relation to compliance, data breaches, risk management policies and procedures, cyber risks, data transfer challenges and use of cookies and online tracking.

We regularly advise on the full range of legal issues relating to data protection and privacy:

• Advising on privacy and security at the outset to maximise the effectiveness of the client’s offering and avoid legal and regulatory pitfalls (including advice on the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018)).
• Advice on complex issues associated with personal data (including special category data) and sensitive business data, including its collection, use, storage, disclosure, transfer and destruction.
• Data protection, privacy and cybersecurity audits, compliance risk assessment and remediation.
• Data security, privacy and technology regulatory response and litigation.
• Regulatory investigations by data protection authorities and assisting with regulatory or enforcement action taken, or damages claims brought, against businesses as a result of alleged breaches in respect of obligations under the GDPR and DPA 2018
• Security incident investigation, response and remediation.
• Cross-border data flow requirements, including Privacy Shield, EU Binding Corporate Rules and other solutions
• Leveraging personal information for advertising and marketing.
• Management of employee information.
• M&A transactions.
• Proactive incident response planning.
• Restrictions on collection and use of consumer information.
• Data protection program development, including supporting consumer engagement activities such as marketing and advertising (with particular focus on E-privacy regulations, soft opt-in and electronic marketing).
• Dealing with data subject access requests, data breach issues and notifications.
• Advice on minimising financial loss and reputational damage.
• Preparation of privacy notices, cookie policies and opt-in wording on websites and other platforms.
• Assisting companies to develop compliance guidelines and carry out data protection audits.
• Preparing confidentiality agreements.
• Drafting and negotiation of data processing and data sharing agreements.
• Assisting with any regulatory or enforcement action taken or damages claims brought against businesses as a result of alleged breaches in respect of obligations under the GDPR and DPA 2018.
• Advising employers on their compliance with GDPR e.g. employee and candidate privacy notices, reviewing/updating employment contracts.