Data Protection & Information | Data Protection
Through the emergence of Big Data and the widespread collection of personal data through smartphone apps, privacy issues are coming under increasing scrutiny.
Trust builds reputation. Businesses excel where their customers and employees have confidence that their personal data are being managed lawfully, securely and appropriately, and where they are transparent about how and why they are processing data.
Our expertise
The privacy landscape is constantly evolving. From May 2018 the framework of the last 20 years will be replaced by the new EU General Data Protection Regulation. In the US, the previous “Safe Harbor” framework for transatlantic personal data transfers is no longer valid, and was replaced in August 2016 by the more stringent “Privacy Shield” framework.
Our expert team can help you address the risk, compliance and commercial issues associated with data protection law.
Our experience
We help businesses of all sizes, from start-ups to international listed companies by:
- negotiating and advising on contracts with a data focus
- preparing privacy and cookies polices
- providing standard and bespoke guides and training sessions to client teams
- conducting and assisting with data protection audits
We advise on:
- compliance issues, and preparations for upcoming changes in the law
- largescale transfers of personal data between jurisdictions
- data security issues
- Big Data analytics
- anonymisation of data
- data retention policies
- subject access requests
- CCTV practices
Related Expertise
Our Team
News & Insights
Artificial intelligence (AI) paves way for innovative technology advancement which benefits society, but there is also a potential for it to affect individuals' rights and freedoms. Consumers have become increasingly concerned about data security in recent years, resulting in "techlash" - a growing negative feeling against large tech companies.
In a landmark ruling in “Schrems II” by the European Court of Justice on 16 July 2020, it was declared that the EU-US Privacy Shield is no longer valid when transferring personal data from the EU to the US on the basis that it does not fully protect EU citizens given the surveillance by US agencies.
Last week Google’s Project Zero team published details of serious security flaws, Meltdown and Spectre, which affect almost every modern computer, and could allow hackers to steal sensitive personal data.
The Information Commissioner's Office (ICO) has published a number of guides on the GDPR designed to assist local authorities, education providers, small public health sector bodies, small organisations and charities.
On 19 June 2017, the Charity Commission published a Memorandum of Understanding (“MoU”) between itself and the Information Commissioner which sets out the functions and powers of both.
A key element of the Digital Economy Act 2017 comes into force on 27 June 2017 with the aim of ensuring the ICO can better enforce sanctions against organisations that make unsolicited marketing communications.
Recent fines issued by the ICO have underlined the toughening stance regarding the sending of unsolicited emails to individuals for the purposes of direct marketing.
Richard Harrison writes on the implications for solicitors of exclusive electronic storage of information: article published in New Law Journal (LexisNexis) 11 November 2016
After conducting their investigation of the cyber attack, the ICO issued TalkTalk a record fine of £400,000 for security failings that allowed the attacker to access customer data “with ease”.
Richard Harrison reflects on how an instructing solicitor would have interpreted Lord Goldsmith’s opinion on the legality of the Iraq war.
The enhancement of e-commerce is one of the important policy issues within the European Union. This guide examines the laws covering e-commerce across multiple jurisdictions including the options to resolve disputes should they arise.
If you discover that your business has fallen victim to a payment scam, it is essential you act quickly. We provide guidance on immediate practical steps to take and summarise the main options for legal action to try to recover misappropriated funds.
Payment scams are on the increase. They are big business for fraudsters and businesses of all shapes and sizes are being targeted. All businesses need to be alert to the risks and to ensure staff receive training to combat these convincing scams.
Judgment was handed down in the important case of Various Claimants v Wm Morrison Supermarket Plc (2017) concerning criminal misuse of data by an employee, a timely case given the upcoming enforcement date of the GDPR, under which the frequency of employee group actions is expected to increase.
The new data protection rules will apply from 25 May 2018. This briefing examines the key changes and highlights actions to take.
We summarise the key direct marketing rules that apply in the UK together with the practical steps that organisations can take to comply with them.
Evolving case law from the CJEU confirms that links to copyright works which are freely accessible on the internet do not infringe copyright...
On 12 July 2016, the European Commission deemed the Privacy Shield Framework adequate to enable data transfers between the European Union and the United States in support of transatlantic commerce.
On 27 April 2016, the EU General Data Protection Regulation (“GDPR”) was adopted. The GDPR’s changes to EU data protection rules will apply to all EU Member States from 25 May 2018.
In this briefing we tackle one of the biggest and most uncertain of all Brexit topics: what will happen to our laws after we leave?