Justin Harrington Partner

Photograph of Justin Harrington

Contact Details

“An excellent operator who understands the needs of the clients.”

Chambers and Partners 2018
Justin advises customers and suppliers in respect of all aspects of technology procurement and outsourcing.

Main areas of practice 

Justin acts for both customers and suppliers. At various times, he has worked on some of the largest and most complex IT projects in the UK.

Justin has also spent time in-house on secondment to IT consultancy Accenture and on secondment to the Department of Health (Private Finance Unit) and Home Office.

Significant experience

Public Sector Contracts

  • Assisting Welsh Government in respect of its Merlin outsourcing arrangements
  • Advising HPC Wales on its procurement of Europe's first distributed high performance computing systems with Fujitsu
  • Advising the Home Office and the new Identity and Passports Service on the UK’s controversial ID Cards Project

IT Outsourcing Contracts and Major Procurements (acting for suppliers and customers)

  • Advising in respect of numerous business process outsourcing projects, for both customers and suppliers. I have particular experience of advising on financial services outsourcings in compliance with FCA (and PRA) guidelines. Projects have included outsourcings from a large number of well-known investment management companies both in respect of UK, Luxembourg and Irish business.
  • As part of these projects, I am used to advising on issues related to trans-border data flows and transfers of data outside the EEA.
  • I advise in respect of SAAS and other cloud contracts, frequently in a regulatory context (eg FCA regulated outsourcing of loan records management to a SAAS supplier). A number of these projects are of very substantial value and include value for money mechanisms not achieved elsewhere (eg purchase card systems for the Welsh public sector).
  • I advise in respect of major IT and communications infrastructure projects. These have included advising a supplier on implementation and roll out of two £400million projects with central government and Welsh Government’s Next Generation Broadband Wales project, one of the largest communications infrastructure projects in Europe.
  • Together with my team, we are used to advising on back to back flow down arrangements for suppliers, intra-group services and contracts using agile software development.


Justin’s Blog

Incorporating by reference: key risks

Many organisations have global supply arrangements or framework agreements with key subcontractors and suppliers.

Outsourcing gone wrong: key lessons from BT v Cornwall.

In 2013, Cornwall Council (the “Council”) and the local Cornwall NHS trust (together, the “Defendants”) entered into a “strategic partnering” agreement with BT Cornwall (“BTC”).

Proposed guidance for firms outsourcing to the cloud and other third party IT services- An overview of the FCA guidance consultation

The FCA has produced this draft guidance as a response to perceived uncertainty as to how their rules apply to the cloud and “other third party IT systems”. The latter term is not further defined

Articles by Justin

Preparing for the General Data Protection Regulation


From 25 May 2018, all organisations will need to comply with the General Data Protection Regulation (GDPR). Whilst the GDPR is EU law and therefore potentially affected by Brexit

Brexit could leave businesses more open to cyberattacks


Justin Harrington, a partner at national law firm Blake Morgan specialising in technology, said: "It will be vital for UK businesses to ensure that our security levels are consistent with European cybersecurity measures.

FCA Guidance


Guidance released by the FCA in July aims to clarify the requirements on regulated firms when outsourcing to the cloud and other third-party IT services.

Related Knowledge & Resources

A Data Protection Bill - Fit For the Digital Age?

The Data Protection Bill (the Bill) was placed before the House of Lords on Wednesday (13th September). A copy of the Bill in its current form was published shortly afterwards and can be found...

General Data Protection Regulation ((EU) 2016/679)

the GDPR will become directly applicable in all EU member states and, despite Brexit negotiations, the UK Government has confirmed that it will be implementing these new rules in full. Designed to be more future-proof than its predecessor.

The Queen’s Speech and data protection - Keeping UK Data Protection “world class” and implementing the General Data Protection Regulation

The Queen’s Speech on 21 June set out the UK Government’s legislative programme included plans for a Data Protection Bill to ensure that the UK retains its “world-class” data protection regime.

The Draft Wales Bill

What is the significance of the provisions in the Bill? This is a draft Bill published by the Secretary of State for Wales, rather than a Bill proper. It is being consulted on, in advance of introducing a Bill proper sometime early in the new year.

Commercial Law Briefing: Getting the Boilerplate Right

Commercial Law Briefing: Getting the Boilerplate Right - An A to Z of Commercial Contract "Boilerplate" clauses and some lessons from recent cases.