Skip to content
Sub practice
Sub practice

Data Protection

In an increasingly regulated environment, businesses need to manage their data in order to manage their reputational and financial risks.

Across our international network, our data protection practitioners advise leading corporations and financial institutions on all aspects of compliance with data privacy law.

We carry out cross-border data privacy surveys for clients, both to review their existing processes and procedures and to help set up new ventures.  With significant experience of designing, drafting, reviewing and updating internal policies as well as 3rd party contracts, we support clients with data collection and consents; cross-border data transfers; data monetization and ethics; liability and penalties; Privacy by design; automated data processing and profiling; and interactions with the relevant data protection authorities. We also advise clients on the implications of freedom of information legislation, how to mitigate risk and the potential to use the legislation for competitive advantage. 

Our team draws on specialists from a variety of complementary disciplines including employment and benefits, financial services, intellectual property, outsourcing, regulatory and regulatory litigation to deliver a comprehensive approach to our clients' data protection needs.

With strong working relationships with regulators across our network, we have developed a nuanced understanding of the attitude of regulators and to assist clients with risk-based analysis.  This means we provide our clients with a quick and efficient response – regardless of time zone.  Our global presence, together with the extensive experience of our integrated international data protection group, sets us apart from many of our competitors.  We have detailed experience in each jurisdiction, which brings valuable insight to managing the differing legal systems, cultures and regulatory regimes.

We are active participants in the privacy community, including the International Association of Privacy Professionals and regular speakers at industry events as well as contributing to industry publications.

Speak to one of our data experts today.

Our experience

A number of leading UK retail companies

A number of leading UK retail companies

on how best to lawfully maximise and share their customer data among various business units or to drive new product offerings. Given the standing of the clients concerned in the public eye and the value of the various opportunities these involve a delicate balancing of the reputational/GDPR risk of taking too liberal a view as against the risk of being overly cautious and falling behind the market. We have been involved in assisting clients considering a range of possible options; appropriate risk mitigations and ultimately determining how best to commercialise data lawfully.
A global information services company

A global information services company

on several AI projects including advising on data protection impact assessments of AI projects (chatbots and HR analytics) and on the application of AI in HR analytics projects. We also provided an EU AI Act workshop with the client’s AI specialist.
A number of companies

A number of companies

in response to ransomware attacks, including considering and dealing with notification obligations across multiple jurisdictions; whether to obtain injunctions in respect of the potential publication of their data; advising on the issues arising in respect of the potential payment of ransoms and the legality of that strategy; and assisting in relation to potential litigation arising from the relevant issue.
An electronics manufacturer

An electronics manufacturer

on its rollout of cameras that use facial and body shape recognition systems in the UK and EU markets. The product expansion into these markets was a core element of its product strategy, and the company was keen to build privacy-by-design into its rollout particularly given the sensitivity of the biometric data involved and the European regulatory focus in this area. We provided strategic and pragmatic advice on a number of data protection matters relating to this product rollout, including the role of the company (and others in the product supply chain) under European data protection laws, lawful basis for processing, data minimisation and recommendations for minimising risk under data protection laws. We also advised on the privacy notice and other fair processing information given to product users at various stages of the product lifecycle.
A range of clients

A range of clients

on their responses to DSARs, including in the context of high profile employment disputes and in some cases significant enforcement action where whistleblowers are involved.
A global bank

A global bank

on a range of digital/data initiatives including their use of cookies across Europe and their approach to Adtech. This included carrying out detailed data protection impact assessments across all of the bank’s paid media advertising activities, assessing the controllership positions of each relevant entity in the Adtech ecosystem, and providing strategic and practical remediation measures.

News and insights

Magnified image of fibre optic cables

Publications: 25 May 2023

Happy birthday, GDPR – five lessons from five years of EU data protection law

In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?

Read more

Blog Post: 28 September 2023

UK lays regulations before Parliament to establish the UK-US data bridge

On 21 September 2023, the Secretary of State for Science, Innovation and Technology laid before the UK Parliament the Data Protection (Adequacy) (United States of America) Regulations 2023 (the…

Read more
hardware

Blog Post: 21 September 2023

Saudi Arabia Finalised PDPL Regulations published in Official Gazette

On 7 September 2023, the Saudi Data & Artificial Intelligence Authority (SDAIA) published the (i) Implementing Regulations of the Personal Data Protection Law (PDPL) and (ii) Regulation on Personal…

Read more
Server tower

Blog Post: 14 September 2023

France CNIL calls for comments on its draft recommendation on security of critical data processing operations

The French supervisory authority (CNIL) asked for public comments on its draft recommendation on data security in relation to processing that presents particularly high risks to individuals or to the…

Read more

Recognition

Related content