Skip to content
Sub practice
Sub practice

Data Protection

In an increasingly regulated environment, businesses need to manage their data in order to manage their reputational and financial risks.

Across our international network, our data protection practitioners advise leading corporations and financial institutions on all aspects of compliance with data privacy law.

We carry out cross-border data privacy surveys for clients, both to review their existing processes and procedures and to help set up new ventures.  With significant experience of designing, drafting, reviewing and updating internal policies as well as 3rd party contracts, we support clients with data collection and consents; cross-border data transfers; data monetization and ethics; liability and penalties; Privacy by design; automated data processing and profiling; and interactions with the relevant data protection authorities. We also advise clients on the implications of freedom of information legislation, how to mitigate risk and the potential to use the legislation for competitive advantage. 

Our team draws on specialists from a variety of complementary disciplines including employment and benefits, financial services, intellectual property, outsourcing, regulatory and regulatory litigation to deliver a comprehensive approach to our clients' data protection needs.

With strong working relationships with regulators across our network, we have developed a nuanced understanding of the attitude of regulators and to assist clients with risk-based analysis.  This means we provide our clients with a quick and efficient response – regardless of time zone.  Our global presence, together with the extensive experience of our integrated international data protection group, sets us apart from many of our competitors.  We have detailed experience in each jurisdiction, which brings valuable insight to managing the differing legal systems, cultures and regulatory regimes.

We are active participants in the privacy community, including the International Association of Privacy Professionals and regular speakers at industry events as well as contributing to industry publications.

Speak to one of our data experts today.

Explore our services

Our experience

A number of leading UK retail companies

A number of leading UK retail companies

on how best to lawfully maximise and share their customer data among various business units or to drive new product offerings. Given the standing of the clients concerned in the public eye and the value of the various opportunities these involve a delicate balancing of the reputational/GDPR risk of taking too liberal a view as against the risk of being overly cautious and falling behind the market. We have been involved in assisting clients considering a range of possible options; appropriate risk mitigations and ultimately determining how best to commercialise data lawfully.
A global information services company

A global information services company

on several AI projects including advising on data protection impact assessments of AI projects (chatbots and HR analytics) and on the application of AI in HR analytics projects. We also provided an EU AI Act workshop with the client’s AI specialist.
A number of companies

A number of companies

in response to ransomware attacks, including considering and dealing with notification obligations across multiple jurisdictions; whether to obtain injunctions in respect of the potential publication of their data; advising on the issues arising in respect of the potential payment of ransoms and the legality of that strategy; and assisting in relation to potential litigation arising from the relevant issue.
An electronics manufacturer

An electronics manufacturer

on its rollout of cameras that use facial and body shape recognition systems in the UK and EU markets. The product expansion into these markets was a core element of its product strategy, and the company was keen to build privacy-by-design into its rollout particularly given the sensitivity of the biometric data involved and the European regulatory focus in this area. We provided strategic and pragmatic advice on a number of data protection matters relating to this product rollout, including the role of the company (and others in the product supply chain) under European data protection laws, lawful basis for processing, data minimisation and recommendations for minimising risk under data protection laws. We also advised on the privacy notice and other fair processing information given to product users at various stages of the product lifecycle.
A range of clients

A range of clients

on their responses to DSARs, including in the context of high profile employment disputes and in some cases significant enforcement action where whistleblowers are involved.
A global bank

A global bank

on a range of digital/data initiatives including their use of cookies across Europe and their approach to Adtech. This included carrying out detailed data protection impact assessments across all of the bank’s paid media advertising activities, assessing the controllership positions of each relevant entity in the Adtech ecosystem, and providing strategic and practical remediation measures.

News and insights

Magnified image of fibre optic cables

Publications: 25 May 2023

Happy birthday, GDPR – five lessons from five years of EU data protection law

In the five years since the European Union’s General Data Protection Regulation came into force, what have been the main learnings for business, and what will the future hold?

Read more
image of swooping bokah lights coming towards the screen at a angle

Publications: 03 April 2024

China passes provisions to relax the cross-border data transfer regime

China has passed provisions which relax the current cross-border data transfer mechanisms. This comes as welcome news to the international business community, especially those with the need to export…

Read more
AI

Publications: 01 April 2024

Allen & Overy’s Anna Rudawski on the increased liability pressures impacting Chief Information Security Officers

Anna Rudawski, cybersecurity response partner at Allen & Overy, discussed how the recent SEC rulings and increased liability pressures are impacting Chief Information Security Officers (CISOs), with…

Read more

Publications: 21 March 2024

Seizing the AI opportunity in Europe

In December 2022, MIT Technology Review named generative AI as one of its 10 breakthrough technologies of 2023. Less than a year later, respondents to a KPMG survey of CEOs ranked generative AI as…

Read more
View more

Recognition

Allen & Overy lawyers consistently deliver thoughtful and pragmatic guidance on how to address complicated privacy laws.

Chambers 2023 (Data Protection & Information Law)

A formidable team.

Legal 500 2022 (Data Protection, Privacy and Cybersecurity)

They are highly knowledgeable and able to steer us in the best way to achieve compliance.

Legal 500 2022 (Data Protection, Privacy and Cybersecurity)

They have incredible strength in data protection.

Chambers Europe 2023 (Data Protection)

Related content

Coding on a computer screen

Data protection brochure

Why data protection has become a crucial and complex topic for companies.

Download PDF
Side profile of a face with horizontal lines coming from it

A&O Data Hub

Focusing on the latest digital trends and risks and developments in the field of data protection, privacy, information and cyber law.

Read more
Binary code on a computer screen

Rulefinder

Analysis of global data privacy obligations in one easy to navigate location.
Read more