Data Protection

We have extensive experience of advising clients on a wide range of data protection and privacy issues. This is a complex and constantly changing area of law that affects organisations of all sizes, across all sectors, and often across multiple jurisdictions.
Since the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018, the legal and regulatory landscape surrounding data privacy has become significantly more demanding.

The GDPR imposed far-reaching obligations on organisations not only to comply with data protection principles, but to be able to demonstrate that compliance.

It marks the most substantial reform to data protection law and practice in the EU and UK (following the UK’s exit from the EU) in over two decades, bringing with it severe penalties for non-compliance and a global reach. Importantly, the GDPR applies not just to UK and EU-based businesses, but also to non-UK and non-EU entities that process the personal data of individuals in the UK or EU, making compliance an essential consideration for international businesses engaging with the UK and the EU markets.

The GDPR is just one part of a broader legal framework. Other legislation, such as the Privacy and Electronic Communications Regulations (PECR) and the Data (Use and Access) Act in the UK, regulates and updates areas such as electronic marketing, cold-calling and the use of cookies and tracking technologies. These rules must be interpreted alongside the GDPR to ensure a comprehensive and compliant approach to data handling and digital operations.

What we do best:

Services we provide include:

  • Advising UK and international businesses on data protection compliance in the UK and EU.
  • Drafting data protection policies to support compliance and manage risk, including drafting and reviewing privacy policies, cookie policies, data retention policies and data protection policies.
  • Advising on international transfers of personal data outside the UK and EU, assessing the sufficiency of current safeguards in place and advising on the necessity of additional safeguards and measures.
  • Advising on data sharing initiatives and strategies and the commercial exploitation of data.
  • Carrying out Data Protection Impact Assessments for high-risk data protection processing.
  • Drafting and advising on GDPR-compliant data processing agreements and data sharing agreements.
  • Advising on the use of cookies and tracking technologies.
  • Preparing data security due diligence questions and advising on data security breaches.
  • Managing Data Subject Access Requests.
  • Advising on the use of personal data for direct marketing purposes and compliance with marketing rules.
  • Advising on the sale and acquisition of personal data as part of a wider corporate or commercial transaction.

Examples of our work include:

  • Advising a leading social care provider on data protection issues generally, and particularly on the practices proposed by its IT supplier relating to sensitive personal data.
  • Advising a leading online provider of dating services on a range of data protection and privacy issues, including in relation to the transfer of databases.
  • Defending proceedings for failure to comply with a DSAR, rectification of personal data and damages.
  • Advising a multi-national business on the transfer of personal data between Europe and the US and working with US lawyers on the setting up of a safe harbour arrangement in the US.
  • Providing legal advice on data sharing practices and data transfers to the US, including assessment and application of FISA and EO12333.
  • General day-to-day advice to a number of clients on data protection issues, including in relation to the transfer of personal data between group companies and the use of personal data for direct marketing purposes.
  • Acting on the sale of a number of customer databases in multiple jurisdictions worldwide and ensuring that national data protection laws were complied with in each case.
  • Acting for the supplier of medical devices in a dispute concerning the use of personal data in sales databases across Europe.