Expert data protection lawyers
Our expert data protection lawyers advise businesses, public sector bodies and charities on all areas of data protection, privacy law, information governance and freedom of information.
We provide prompt, accurate and focused data protection advice from our six offices to both domestic and international clients.
We are the only UK law firm accredited by the British Computer Society to deliver training leading to the award of the prestigious BCS Practitioner Certificate in Data Protection.
Main Areas Of Practice
Our expert data protection lawyers are highly experienced in dealing with all areas of data protection, information governance and privacy law, including advising on:
Our expert team of data protection lawyers assists with all aspects of GDPR compliance including reviewing and drafting documentation, advising on cross-border data flows, carrying out data audits and assisting organisations to undertake and manage GDPR compliance exercises.
Data Protection Impact Assessments and Data Audits
Our data protection lawyers assist clients by drafting and reviewing DPIAs, identifying data protection risks in planned projects or current processing activities and advising on risk mitigation measures.
Data sharing and processing arrangements
We have extensive experience of advising major public sector clients on complex data sharing arrangements. We also advise financial institutions and suppliers on the data protection considerations of major IT outsourcing projects. This includes drafting and negotiating data processing agreements and contract variations to ensure GDPR compliance.
Privacy notices and compliance documents
Our data protection lawyers have vast experience of drafting and reviewing privacy notices for our clients, including notices aimed at children. Our data protection lawyers also advise on and draft compliance documents such as policies and procedures relating to information governance and security issues.
Personal data breaches and breach notification
Personal data breaches can have serious impacts on businesses. We have wide experience advising clients who have suffered personal data breaches, including advising on breach notification requirements under the GDPR and handling investigations by the Information Commissioner.
Individual requests (including subject access requests)
We advise clients on their obligations when responding to complex data subject requests, including the use of exemptions, as well as assisting clients to review and redact information before disclosure.
FOI and EIR requests
We advise our public sector clients on their disclosure obligations, the use of exemptions and handling complaints in response to requests under the Freedom of Information Act and the Environmental Information Regulations. We also advise on investigations by the Information Commissioner. On the other side, we assist clients to make use of the access to information legislation and advise third parties on the potential impact of disclosure.
Employment data protection matters
We advise private and public sector employers on their obligations under the GDPR. This includes drafting or reviewing privacy notices and privacy policies, advising employers on responding to data subject requests, providing data protection training and amending contracts of employment for compliance purposes.
Our data protection lawyers advise clients on how to structure their marketing campaigns in order to comply with data protection law, including obtaining valid consents.
We deliver high-quality training, including bespoke courses, in data protection and privacy law to a wide range of clients and contacts. We are the only law firm accredited by the British Computer Society to deliver courses leading towards the prestigious Practitioner Certificate in Data Protection qualification.
Our clients include businesses, charitable bodies, universities, schools and colleges, health and social care providers, and other public authorities. These range from data-rich businesses such as start-ups processing data in novel ways through to large corporations and public bodies involved with complex cloud computing arrangements and cross-border data flows.
Our expert team were instructed by a global travel management company to negotiate the drafting of worldwide agreements for the supply of travel management services across multiple jurisdictions, involving complex GDPR compliance issues.
We advised a US based global business development firm in respect of their market-leading predictive sales intelligence platform. Advised on complex cross-border GDPR issues relating to their business operations in the EU.
Our data protection experts acted for a large public body in relation to a high profile FOI request for highly sensitive information which was ultimately determined by the ICO. We were instructed to advise in relation to the ICO investigation. The ICO upheld the client's decision to withhold the information requested.
It's hard to believe that we're almost one year on from the biggest shake up of data protection laws for a generation. Much of the publicity – and the panic...Read More
Digital Marketing Agency Bisnode fined by the Polish DPA for failing to be transparent with data subjects
Poland's data protection agency, the national Personal Data Protection Office (UODO) has issued its first fine for non-compliance with the General Data Protection Regulation (GDPR). The target was Bisnode, a Swedish-headquartered digital...Read More
Michelle Lawlor-Perkins discusses GDPR six months on in People Management. This article was first published in People Management on November 7. What are the tricky issues employers are grappling with following the...Read More
A data protection claim that was potentially worth over £1 billion has been dismissed by the High Court. The claimant, Richard Lloyd, brought the case as a representative of a...Read More
The Information Commissioner's Office has today (20 September) issued a monetary penalty notice to credit reference agency Equifax Limited for serious breaches of data protection law. The £500,000 penalty represents the...Read More
Consent and Direct Marketing: What is informed consent in the UK? The decision of the First-tier Tribunal in Xerpla Ltd v The Information Commissioner
Background The UK has laws which prohibit spam – currently the Privacy and Electronic Communications (EC Directive Regulations 2003) (PECR). PECR runs in parallel with data protection law. Critical to...Read More