Skip to content
Sub practice
Sub practice

Data Protection

In an increasingly regulated environment, businesses need to manage their data in order to manage their reputational and financial risks.

Across our international network, our data protection practitioners advise leading corporations and financial institutions on all aspects of compliance with data privacy law.

We carry out cross-border data privacy surveys for clients, both to review their existing processes and procedures and to help set up new ventures.  With significant experience of designing, drafting, reviewing and updating internal policies as well as 3rd party contracts, we support clients with data collection and consents; cross-border data transfers; data monetization and ethics; liability and penalties; Privacy by design; automated data processing and profiling; and interactions with the relevant data protection authorities. We also advise clients on the implications of freedom of information legislation, how to mitigate risk and the potential to use the legislation for competitive advantage. 

Our team draws on specialists from a variety of complementary disciplines including employment and benefits, financial services, intellectual property, outsourcing, regulatory and regulatory litigation to deliver a comprehensive approach to our clients' data protection needs.

With strong working relationships with regulators across our network, we have developed a nuanced understanding of the attitude of regulators and to assist clients with risk-based analysis.  This means we provide our clients with a quick and efficient response – regardless of time zone.  Our global presence, together with the extensive experience of our integrated international data protection group, sets us apart from many of our competitors.  We have detailed experience in each jurisdiction, which brings valuable insight to managing the differing legal systems, cultures and regulatory regimes.

We are active participants in the privacy community, including the International Association of Privacy Professionals and regular speakers at industry events as well as contributing to industry publications.

Speak to one of our data experts today.

Explore our services

Our experience

A number of leading UK retail companies

A number of leading UK retail companies

on how best to lawfully maximise and share their customer data among various business units or to drive new product offerings. Given the standing of the clients concerned in the public eye and the value of the various opportunities these involve a delicate balancing of the reputational/GDPR risk of taking too liberal a view as against the risk of being overly cautious and falling behind the market. We have been involved in assisting clients considering a range of possible options; appropriate risk mitigations and ultimately determining how best to commercialise data lawfully.
A global information services company

A global information services company

on several AI projects including advising on data protection impact assessments of AI projects (chatbots and HR analytics) and on the application of AI in HR analytics projects. We also provided an EU AI Act workshop with the client’s AI specialist.
A number of companies

A number of companies

in response to ransomware attacks, including considering and dealing with notification obligations across multiple jurisdictions; whether to obtain injunctions in respect of the potential publication of their data; advising on the issues arising in respect of the potential payment of ransoms and the legality of that strategy; and assisting in relation to potential litigation arising from the relevant issue.
An electronics manufacturer

An electronics manufacturer

on its rollout of cameras that use facial and body shape recognition systems in the UK and EU markets. The product expansion into these markets was a core element of its product strategy, and the company was keen to build privacy-by-design into its rollout particularly given the sensitivity of the biometric data involved and the European regulatory focus in this area. We provided strategic and pragmatic advice on a number of data protection matters relating to this product rollout, including the role of the company (and others in the product supply chain) under European data protection laws, lawful basis for processing, data minimisation and recommendations for minimising risk under data protection laws. We also advised on the privacy notice and other fair processing information given to product users at various stages of the product lifecycle.
A range of clients

A range of clients

on their responses to DSARs, including in the context of high profile employment disputes and in some cases significant enforcement action where whistleblowers are involved.
A global bank

A global bank

on a range of digital/data initiatives including their use of cookies across Europe and their approach to Adtech. This included carrying out detailed data protection impact assessments across all of the bank’s paid media advertising activities, assessing the controllership positions of each relevant entity in the Adtech ecosystem, and providing strategic and practical remediation measures.

News and insights

Magnified image of fibre optic cables

Publications: 25 May 2023

Happy birthday, GDPR – five lessons from five years of EU data protection law

In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?

Read more

Blog Post: 28 September 2023

UK lays regulations before Parliament to establish the UK-US data bridge

On 21 September 2023, the Secretary of State for Science, Innovation and Technology laid before the UK Parliament the Data Protection (Adequacy) (United States of America) Regulations 2023 (the…

Read more
hardware

Blog Post: 21 September 2023

Saudi Arabia Finalised PDPL Regulations published in Official Gazette

On 7 September 2023, the Saudi Data & Artificial Intelligence Authority (SDAIA) published the (i) Implementing Regulations of the Personal Data Protection Law (PDPL) and (ii) Regulation on Personal…

Read more
Server tower

Blog Post: 14 September 2023

France CNIL calls for comments on its draft recommendation on security of critical data processing operations

The French supervisory authority (CNIL) asked for public comments on its draft recommendation on data security in relation to processing that presents particularly high risks to individuals or to the…

Read more
View more

Recognition

Allen & Overy lawyers consistently deliver thoughtful and pragmatic guidance on how to address complicated privacy laws.

Chambers 2023 (Data Protection & Information Law)

A formidable team.

Legal 500 2022 (Data Protection, Privacy and Cybersecurity)

They are highly knowledgeable and able to steer us in the best way to achieve compliance.

Legal 500 2022 (Data Protection, Privacy and Cybersecurity)

They have incredible strength in data protection.

Chambers Europe 2023 (Data Protection)

Related content

Coding on a computer screen

Data protection brochure

Why data protection has become a crucial and complex topic for companies.

Download PDF
Side profile of a face with horizontal lines coming from it

A&O Data Hub

Focusing on the latest digital trends and risks and developments in the field of data protection, privacy, information and cyber law.

Read more
Binary code on a computer screen

Rulefinder

Analysis of global data privacy obligations in one easy to navigate location.
Read more

Cookies on our website

We use cookies on our site to remember you, show you content we think you will like and help you to use the site. For more details, please see our cookies policy.

Click 'Accept' to consent to cookies other than strictly necessary cookies or 'Reject' if you do not. You can change your mind at any time by visiting our cookie policy page.

Accept cookies
Reject cookies