Data Protection & Privacy

Our solutions-based, experienced commercial team are dedicated to helping businesses with all their contractual, commercial and trading issues that they face. The team provides contentious and non-contentious advice and is recognised for providing support that goes beyond straight-forward legal services. Our clients include growing and established corporates and specialist internet and data-rich companies operating across a broad range of sectors including sport; telecommunications and technology; financial services; healthcare and pharmaceuticals; retail; insurance and energy.

We advise our clients at each stage of the data lifecycle: From the initial assessment and reduction of their privacy and security risks to ensure compliance with applicable laws, to the development of new products, services and marketing strategies. We are heavily embedded in the technology sector and regularly advise customers and suppliers on matters relating to information technology, data governance and protection, privacy and cybersecurity. This includes providing advice in relation to compliance, data breaches, risk management policies and procedures, cyber risks, data transfer challenges and use of cookies and online tracking.

We regularly advise on the full range of legal issues relating to data protection and privacy:

  • Advising on privacy and security at the outset to maximise the effectiveness of the client’s offering and avoid legal and regulatory pitfalls (including advice on the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018)).
  • Advice on complex issues associated with personal data (including special category data) and sensitive business data, including its collection, use, storage, disclosure, transfer and destruction.
  • Data protection, privacy and cybersecurity audits, compliance risk assessment and remediation.
  • Data security, privacy and technology regulatory response and litigation.
  • Regulatory investigations by data protection authorities and assisting with regulatory or enforcement action taken, or damages claims brought, against businesses as a result of alleged breaches in respect of obligations under the GDPR and DPA 2018
  • Security incident investigation, response and remediation.
  • Cross-border data flow requirements, including Privacy Shield, EU Binding Corporate Rules and other solutions
  • Leveraging personal information for advertising and marketing.
  • Management of employee information.
  • M&A transactions.
  • Proactive incident response planning.
  • Restrictions on collection and use of consumer information.
  • Data protection program development, including supporting consumer engagement activities such as marketing and advertising (with particular focus on E-privacy regulations, soft opt-in and electronic marketing).
  • Dealing with data subject access requests, data breach issues and notifications.
  • Advice on minimising financial loss and reputational damage.
  • Preparation of privacy notices, cookie policies and opt-in wording on websites and other platforms.
  • Assisting companies to develop compliance guidelines and carry out data protection audits.
  • Preparing confidentiality agreements.
  • Drafting and negotiation of data processing and data sharing agreements.
  • Assisting with any regulatory or enforcement action taken or damages claims brought against businesses as a result of alleged breaches in respect of obligations under the GDPR and DPA 2018.
  • Advising employers on their compliance with GDPR e.g. employee and candidate privacy notices, reviewing/updating employment contracts.
  • Advising on data protection and cookie policies and related documents for companies in various sectors.
  • Advising various clients on their data protection compliance arrangements and data flow.
  • Advising various businesses and sub-processors on data processing and data sharing agreements.
  • Advised a well-known UK institution on data protection implementation and compliance.
  • Advising a number of large commercial organisations on their data collection, storage, processing and retention policies and procedures.
  • Handling ICO complaints on behalf of clients.
  • Advising organisations on how to handle data subject access requests.
  • Providing practical, commercial advice on the interpretation of the data protection and privacy regulations to ensure that a company’s compliance with the law does not restrict its operations unnecessarily.
  • Advising commercial clients on the steps they need to take to deal with Brexit once the transition period expires and the implications of the invalidation of the US Privacy Shield.
Jonathan Bruck
Head of Employment
+44 20 7539 7305
View profile
Robert Paydon
Head of Commercial Litigation
+44 20 7539 7280
View profile
Zane Shihab
Head of Sport, IP & Media
+44 20 7539 7312
View profile
James Thorndyke
Partner, Dispute Resolution
+44 20 7539 7258
View profile
Karin Kiho
Solicitor, Employment
+44 20 7539 7304
View profile
Ben McLaughlin
Associate Solicitor, Sports, Media & IP
+44 20 7539 7253
View profile

Related News, Insights and Events

September 4, 2020

Government ‘Build Build Build’ Reforms under review following challenge by Campaign Group

Read more
August 14, 2020

Court convened scheme meetings in the time of COVID-19

Read more
August 13, 2020

Intellectual property considerations in light of Brexit

Read more
Latest from @Kerman&Co

As the end of 2020 fast approaches, our minds now turn back to the implications of Brexit. In this article we seek… https://t.co/JpM4Xfw1Dp https://t.co/JpM4Xfw1Dp

Latest deal from our Capital Markets team advising our long-standing AIM-quoted client, Columbus Energy Resources P… https://t.co/MBttEjLQHF https://t.co/MBttEjLQHF

How can we help?

Would you like our experts to assist you with your legal requirements?

  • By completing this form you agree to your details being used to email you the information requested in accordance with our Privacy Policy.