Skip to content
Sub practice
Sub practice

Data Protection

In an increasingly regulated environment, businesses need to manage their data in order to manage their reputational and financial risks.

Across our international network, our data protection practitioners advise leading corporations and financial institutions on all aspects of compliance with data privacy law.

We carry out cross-border data privacy surveys for clients, both to review their existing processes and procedures and to help set up new ventures.  With significant experience of designing, drafting, reviewing and updating internal policies as well as 3rd party contracts, we support clients with data collection and consents; cross-border data transfers; data monetization and ethics; liability and penalties; Privacy by design; automated data processing and profiling; and interactions with the relevant data protection authorities. We also advise clients on the implications of freedom of information legislation, how to mitigate risk and the potential to use the legislation for competitive advantage. ; 

Our team draws on specialists from a variety of complementary disciplines including employment and benefits, financial services, intellectual property, outsourcing, regulatory and regulatory litigation to deliver a comprehensive approach to our clients' data protection needs.

With strong working relationships with regulators across our network, we have developed a nuanced understanding of the attitude of regulators and to assist clients with risk-based analysis.  This means we provide our clients with a quick and efficient response – regardless of time zone.  Our global presence, together with the extensive experience of our integrated international data protection group, sets us apart from many of our competitors.  We have detailed experience in each jurisdiction, which brings valuable insight to managing the differing legal systems, cultures and regulatory regimes.

We are active participants in the privacy community, including the International Association of Privacy Professionals and regular speakers at industry events as well as contributing to industry publications.

News & insights

Publications: 31 OCTOBER 2019

Warsaw podcast - GDPR in M&A transactions

Justyna Ostrowska, senior associate in Allen & Overy Warsaw, advises clients on new technologies law as well as intellectual property rights and data protection.  In her podcast, she discusses the role and responsibilities of parties to M&A transactions in light of the GDPR. Listen to our recording on employee data in M&A transactions.  

Read more

Publications: 28 OCTOBER 2019

The International Comparative Legal Guide: Cybersecurity 2020

This 3rd edition provides a global analysis of common issues in cybersecurity laws and regulations across 32 jurisdictions. It covers key topics such as criminal activity, applicable laws, specific sectors, corporate governance, litigation, insurance, employees, and investigatory and police powers.

Read more
Coloured wool

Publications: 22 OCTOBER 2019

Data protection representative “class” action gets the go ahead

Did you have an iPhone in 2011/2012? I still had a BlackBerry. If I had had an iPhone, I would have been a member of the class of more than four million users on whose behalf Mr Lloyd makes this claim. It is alleged that Google tracked, surreptitiously, some of the internet activity of those users, so infringing rights protected by data protection legislation. The litigation is interesting for two reasons: it shows that you can claim damages under data protection legislation without proving any financial loss or even distress; and, it considers what is required for a representative action to be brought for this claim: Lloyd v Google LLC [2019] EWCA Civ 1599

Read more
Cyber and data breaches: the questions that always arise

Publications: 14 OCTOBER 2019

Cyber and data breaches: the questions that always arise

Cyberattacks make prominent headlines yet many cyber and data breaches remain private. How firms act in the immediate aftermath of being hit may impact how much damage is done. Lawson Caisley, partner, talks through immediate priorities post-attack.  

Read more

The EU General Data Protection Regulation microsite

After over four years of discussion, the new EU data protection framework was adopted on 8 April 2016.

It takes the form of a Regulation – the General Data Protection Regulation (GDPR).

Download the practice brochure

Data Protection_GDPR_Content Promo_Sept_19

Why data protection has become a crucial and complex topic for companies.

A&O Digital Hub

Focusing on the latest digital trends and risks and developments in the field of data protection, privacy, information and cyber law.