Data Protection & Privacy

Our solutions-based, experienced commercial team are dedicated to helping businesses with all their contractual, commercial and trading issues that they face. The team provides contentious and non-contentious advice and is recognised for providing support that goes beyond straight-forward legal services. Our clients include growing and established corporates and specialist internet and data-rich companies operating across a broad range of sectors including sport; telecommunications and technology; financial services; healthcare and pharmaceuticals; retail; insurance and energy.

We advise our clients at each stage of the data lifecycle: From the initial assessment and reduction of their privacy and security risks to ensure compliance with applicable laws, to the development of new products, services and marketing strategies. We are heavily embedded in the technology sector and regularly advise customers and suppliers on matters relating to information technology, data governance and protection, privacy and cybersecurity. This includes providing advice in relation to compliance, data breaches, risk management policies and procedures, cyber risks, data transfer challenges and use of cookies and online tracking.

We regularly advise on the full range of legal issues relating to data protection and privacy:

  • Advising on privacy and security at the outset to maximise the effectiveness of the client’s offering and avoid legal and regulatory pitfalls (including advice on the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA 2018)).
  • Advice on complex issues associated with personal data (including special category data) and sensitive business data, including its collection, use, storage, disclosure, transfer and destruction.
  • Data protection, privacy and cybersecurity audits, compliance risk assessment and remediation.
  • Data security, privacy and technology regulatory response and litigation.
  • Regulatory investigations by data protection authorities and assisting with regulatory or enforcement action taken, or damages claims brought, against businesses as a result of alleged breaches in respect of obligations under the GDPR and DPA 2018
  • Security incident investigation, response and remediation.
  • Cross-border data flow requirements, including Privacy Shield, EU Binding Corporate Rules and other solutions
  • Leveraging personal information for advertising and marketing.
  • Management of employee information.
  • M&A transactions.
  • Proactive incident response planning.
  • Restrictions on collection and use of consumer information.
  • Data protection program development, including supporting consumer engagement activities such as marketing and advertising (with particular focus on E-privacy regulations, soft opt-in and electronic marketing).
  • Dealing with data subject access requests, data breach issues and notifications.
  • Advice on minimising financial loss and reputational damage.
  • Preparation of privacy notices, cookie policies and opt-in wording on websites and other platforms.
  • Assisting companies to develop compliance guidelines and carry out data protection audits.
  • Preparing confidentiality agreements.
  • Drafting and negotiation of data processing and data sharing agreements.
  • Assisting with any regulatory or enforcement action taken or damages claims brought against businesses as a result of alleged breaches in respect of obligations under the GDPR and DPA 2018.
  • Advising employers on their compliance with GDPR e.g. employee and candidate privacy notices, reviewing/updating employment contracts.
  • Advising on data protection and cookie policies and related documents for companies in various sectors.
  • Advising various clients on their data protection compliance arrangements and data flow.
  • Advising various businesses and sub-processors on data processing and data sharing agreements.
  • Advised a well-known UK institution on data protection implementation and compliance.
  • Advising a number of large commercial organisations on their data collection, storage, processing and retention policies and procedures.
  • Handling ICO complaints on behalf of clients.
  • Advising organisations on how to handle data subject access requests.
  • Providing practical, commercial advice on the interpretation of the data protection and privacy regulations to ensure that a company’s compliance with the law does not restrict its operations unnecessarily.
  • Advising commercial clients on the steps they need to take to deal with Brexit once the transition period expires and the implications of the invalidation of the US Privacy Shield.
Jonathan Bruck
Head of Employment
+44 20 7539 7305
View profile
Robert Paydon
Head of Commercial Litigation
+44 20 7539 7280
View profile
Zane Shihab
Head of Sport, IP & Media
+44 20 7539 7312
View profile
James Thorndyke
Partner, Dispute Resolution
+44 20 7539 7258
View profile
Karin Kiho
Solicitor, Employment
+44 20 7539 7304
View profile
Ben McLaughlin
Associate Solicitor, Sports, Media & IP
+44 20 7539 7253
View profile

Related News, Insights and Events

November 13, 2020

New National Security and Investment Bill means tougher screening measures for investment into UK Companies

Read more
November 12, 2020

COVID-19 Update: Coronavirus Job Retention Scheme - updated guidance

Read more
November 6, 2020

COVID-19 Update: Coronavirus Job Retention Scheme: Extension

Read more
Latest from @Kerman&Co

Our employment team summarises the latest position for employers following the HM Treasury's latest announcement re… https://t.co/DCbaLUKrzL https://t.co/DCbaLUKrzL

Our employment team summarise the latest position for employers following HM Treasury's announcement that the Coron… https://t.co/WSjLfbDyfE https://t.co/WSjLfbDyfE

How can we help?

Would you like our experts to assist you with your legal requirements?

  • By completing this form you agree to your details being used to email you the information requested in accordance with our Privacy Policy.