Data Protection & Privacy Lawyers | GDPR | London

Data protection & privacy legal services | Including General Data Protection Regulation (GDPR)

Data Protection and Privacy laws across Europe regulate the way in which we handle data. They establish a set of rules for handling data and give individuals a right to know what information is held about them.

We can advise you on everything to do with the application of and compliance with the data protection rules across Europe – including the EU and UK GDPR regimes and the UK Data Protection Act 2018.

We are highly experienced data protections lawyers with expertise in GDPR

Members of our team have also been at the forefront of advising businesses on GDPR from the very first proposals for a new law in 2012. We have advised clients on the consequences of GDPR and helped put policies and procedures in place to deal with the changes.

We’ve assisted our clients in planning their GDPR strategy and we have helped them train employees. We have also worked with suppliers of goods and services to help them focus their operations and have provided specialist support to project development teams.

Supporting clients in Information Commissioner’s Office (ICO) investigations

Our team has supported clients in investigations and enquiries from regulators including handling more than 100 investigations involving the UK data regulator the Information Commissioner’s Office (ICO). When facing an investigation it’s crucial that you have experienced advisors who understand how to handle the issues you’re facing. We have the specialist knowledge and experience you need.

We have also advised clients and their lawyers on the data protection aspects of investigations and eDiscovery.

Experts in international data transfers

We have done lots of work on data transfers too, especially the challenges of transferring data from Europe to the US. We’ve advised clients on the issues relating to the collapse of Safe Harbor and Privacy Shield and their replacement with the Data Protection Framework. We’ve helped clients using standard agreements to transfer data and we’ve helped with their data adequacy assessments.

Legal advice on rights guaranteed to data subjects under GDPR

We have been advising clients on the right to be forgotten. Our lawyers have been advising our clients on procedures to deal with right to be forgotten requests and we have helped them decide difficult cases. We have also successfully defended clients in threatened litigation to enforce right to be forgotten requests.

The scope of our data protection & privacy services

We can also help you work through your compliance obligations when using new technology including:

• transparency obligations under GDPR & the EU AI Act
• dealing with subject access requests (including aggressive requests from former employees and customers)
• dealing with data breaches and reporting to regulators
• cookie compliance (including defending clients in regulatory complaints)
• defending proposed class actions
• document review issues for investigations and eDiscovery
• Data Protection Impact Assessments
• marketing (including consents)
• apps
• cloud computing
• employee monitoring
• hybrid working, home working  and BYOD
• mobile payments
• tracking technologies
• e-commerce
• AI
• Internet of Things

Our GDPR lawyers have worked across key sectors

Our team of data protection lawyers have experience advising clients from a significant number of key industries that contribute to the UK, EU and wider global economies.

We have completed work in across a wide range of industry sectors  including:

• Automotive
• Chemicals
• Energy
• Entertainment
• Fashion
• Financial Services
• Healthcare
• Leisure & hotels
• Manufacturing
• Media
• Pharmaceuticals
• Recruitment
• Retail
• Technology

Spotlight on cases that our data protections lawyers have handled

Recent cases handled by our team include:

• Helping an organisation deal with data breaches instigated by its CEO and a senior employee.  This included supporting actions against those individuals and liaising with regulators to report the breach and make a case for criminal proceedings under the Data Protection Act 2018.
• Representing a well know US corporation in connection with an investigation from a regulator about its use of cookies.
• Handling an aggressive Subject Access Request in the energy sector from a former employee.
• Dealing with threatened civil actions in connection with cookies and data transfer.
• Helping a private-equity backed information services provider get ready for sale. The work included a comprehensive data protection program which significantly increased the sale price.
• Dealing with a series of Subject Access Requests in the health sector which involved proceedings being issued in the UK to enforce the subject access right. Those proceedings were settled on what our client believes to be acceptable terms.
• Supporting a UK listed entity in data issues related to the departure of a senior individual including liaising with a regulator in connection with a criminal investigation into that individual’s conduct.
• Helping manage a complicated and contentious Subject Access Request for a household name organisation.
• Advising on data transfer post Privacy Shield including on data transfer agreements, notices, new processes and Binding Corporate Rules.
• Developing a Data Protection Impact Assessment (DPIA) process for a well-known client in healthcare. The process is used to risk assess all of their new uses of personal data.
• Helping a spin-out chemicals business design it’s data protection strategy. The program included mapping out a new global program, in-country data protection registrations, a new website privacy policy, new internal policies and training. The program was designed to fit in with the data protection strategy of the client’s new owner, a major financial services organisation.
• Advising on the implementation of helplines including ensuring the scope of the helpline meets data protection and data export laws and securing necessary registrations.
• Successfully defending three right to be forgotten claims for a client involved in the financial services sector.
• Developing a DPIA process for a well-known client in financial services. This process is used to risk assess all of their new uses of personal data including new financial services products coming on stream.
• Advising on data protection implications of e-discovery in US court proceedings and in meeting information requests in arbitrations.
• Advising a leading chemicals company on its data protection issues including data security, responding to a security breach, advising on Works Council consultations and data transfer.
• Advising a US-listed e-commerce platform in developing its data protection strategy and ongoing advice including helping them manage data subject requests, dealing with regulatory investigations, helping them manage information requests from investigatory and other bodies.
• Working with one of America’s largest retailers on their new privacy program. The work involved managing a global program of audit, risk reduction and training to improve global privacy, data-protection and data security compliance.
• Advising a leading fashion brand on their move into Europe including advice on one to one in-store marketing in the UK, France and Italy.

Speak with a data protection lawyer

For tailored legal advice on regulatory and compliance matters relating to data protection, privacy and/or GDPR, please Contact Us. We are ready to support you with your specific needs and collaborate with you to achieve your objectives.