The storage and management of data has become a major issue for all businesses, led by large scale changes in the legal and regulatory environment over recent years, especially after the implementation of the General Data Protection Regulation (GDPR). Businesses need an appropriate strategy in place for the governance of data and a programme for ensuring legal and regulatory compliance. At stake is the reputation of the business and potential exposure to significant fines.

Our team of data protection experts have many years’ experience of advising businesses and other organisations including in governments and large not for profits on data management, working closely with the boards, legal and operational teams. They bring technical expertise and commercial wisdom borne of significant experience of managing these issues, so that the right solutions are found that are not only legally compliant but also commercially appropriate for your organisation.

Data Privacy

In respect of data privacy, we advise on

  • developing, managing and advising on data governance programmes, including GDPR issues, policies and privacy notices, vendor due diligence and international transfers of data
  • implementation and support around privacy by design in the development and management of technology, systems and business practices including projects involving AI, DLP systems, AdTech, facial recognition, digital health, app development and cloud computing
  • marketing issues
  • drafting and negotiating complex data, privacy and cybersecurity agreements
  • data protection issues in the context of outsourcing, employment and corporate law including M&A transactions
  • privacy law, data subject rights, CCTV, children related issues, compliance issues for personal data, employee related data issues
  • support in dealing with investigations by data protection regulators
  • data subject complaints handling management of data privacy incidents, including data breaches

Our cybersecurity legal service capability is comprehensive in scope, extending beyond data privacy.

  • Before-the-event cyber risk management and advice including vendor due diligence, legal incident management plan drafting, appropriately leveraging legal privilege, tabletop exercises, contracts drafting and negotiations and NIS Regulations and GDPR preparedness
  • Incident response including full or part incident support such as dealing with different regulators (such as the FCA, ICO and PRA) and law enforcement, liaising with internal or 3rd party incident response teams
  • Transactions and projects including cybersecurity risk management in M&A corporate transactions, joint ventures and outsourcing arrangements
Who we work with
  • listed and unlisted companies
  • Governmental organisations
  • NGOs and not for profits
  • individuals

Meet our team

Nick Benson
Partner - Business Law
Andrew Bird
Partner – Corporate
Jowanna Conboye
Partner - Intellectual Property; Technology; Commercial
Poh-Leng Devare
Partner – Commercial, Intellectual Property, Data Protection
Karl Foster
Partner - Commercial
Kristy Gouldsmith
Partner - Data Protection, Privacy and Cybersecurity
Emma Gross
Partner – Employment, Data Protection
Edmund Probert
Partner – Commercial Law, IT Contracts & Intellectual Property