We have a large amount of experience of advising clients on their data protection and privacy issues. This is a complex and constantly changing area of law with implications for organisations across all sizes, sectors, and frequently, jurisdictions as well.
The significance of data protection and data privacy law continues to grow especially since the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018, and it is increasingly impractical for any modern business or entity to function without regard to data privacy laws and regulations.
The GDPR introduced important and significant new obligations on organisations to comply and to demonstrate their compliance. It represents the biggest change in data protection law and practice for over 20 years, ushering in severe consequences and high penalties for non-compliance. Significantly, it applies to both EU and non-EU entities and the need to understand its implications and be ready to comply with the rules now extends worldwide.
With further significant regulatory reforms on the horizon such as the e-Privacy Regulations, it is more important than ever for organisations to understand their obligations and prepare for compliance to mitigate the risks of potentially large and increasingly well publicised sanctions and recriminations.
Our team has wide experience of both advisory and transactional work in this area. We are regularly asked to:
- advise clients on their changing obligations under the new laws
- advise on the impact of BREXIT on data privacy and assist clients getting prepared for the likely consequences
- advise businesses on the practicalities of implementing and demonstrating their compliance obligations in a practical and commercial way
- draft, audit or review documents and policies to meet new compliance and best practice requirements
- advise on and negotiate the data protection aspects of acquisitions or sales of services or businesses, including in relation to the transfer of customer databases
- provide training to clients or speak at seminars on regulatory developments
- assist with ICO registration requirements
- handle enforcement, investigation and sanction matters with regulators (including the ICO and CMA)
- advise on management of subject access requests and other data subject rights
- advise on requirements for cross-border transfers of data, including by co-ordinating with our strong network of overseas counsel contacts
We also work with various multi-national and overseas clients (particularly in the US), who face particular challenges in this area from the unfamiliarity with the strict European regulatory environment and particularly complicated cross-border data transfer issues.
We understand the concerns and practical challenges faced by businesses in this area, and pride ourselves on being able to provide informed, tailored solutions for our clients in a commercial and cost-effective way.
If you would like to discuss this further, please contact a member of our Data Protection team below.
- Advising a leading social care provider on data protection issues generally, particularly concerning the practices proposed by its IT supplier relating to sensitive personal data
- Advising a leading online provider of dating services on a range of data protection and privacy issues including in relation to the transfer of databases
- Acting on the sale of a number of customer databases in a number of countries worldwide and ensuring that national data protection laws were complied with in each case
- Corresponding with the UK regulation (the ICO) on a range of data protection issues
Making applications to search engine providers under the, “right to forget” jurisdiction
- Assisting both the sellers and the buyers on the sale and subsequent use of marketing databases across Europe
- Advising a multi-national business on the transfer of personal data between Europe and the US and working with US lawyers on the setting up of a safe harbour arrangement in the US
- Working with a range of employees and employers on a number of, often complex, Data Subject Access Requests
- Acting for the supplier of medical devices in a dispute concerning the use of personal data in sales databases across Europe
- General day-to-day advice to clients on data protection issues including in relation to the transfer of personal data between group companies and the use of personal data for direct marketing purposes
We went there because we weren't treated as just a number on a list.
Chambers UK 2014
They have a good understanding of our needs and service them with knowledge and understanding of the issues.
Chambers UK 2014