Emerging technology, increasing regulation and public sector transparency requirements means keeping compliant with Data, Privacy & Freedom of Information takes real expertise.
We are proud of the fact that many of the leading UK brands and public sector organisations trust us to deliver clear, commercial advice and action on strategic data protection, privacy and transparency matters.
Our nationally-located information law experts have a leading reputation for delivering innovative solutions that make it easier for people to do business, whilst maintaining compliance and reducing risk.
We advise some of Britain’s best-known retailers and financial institutions on privacy and data issues and sit as senate members of IMRG (the trade body for e-commerce), as well as working on cutting edge data products across new and emerging technologies involving cyber security, telematics, drones and big data. But it doesn’t stop here. We also advise on wider information governance issues, including freedom of information (FOI), the environmental information regulations (EIR) and the re-use of public sector information regulations (PSI) for a range of public sector clients including local authorities, NHS bodies, housing associations, colleges, universities and schools.
Most importantly, we work hard to put ourselves in your shoes so that we can find out what matters most to you. That’s why many of our team join clients’ in-house legal teams on secondment. We believe this strengthens our relationship with the client and allows us to develop and maintain a level of sector expertise that results in a client experience no one else can match.
"Their work was very good and very thorough. Whether you are a small or large organisation they will treat you with respect and give the same level of service."
"A strong team with considerable expertise."
Get in touch
T:+44 (0)238 020 8422
What we do
We have particular experience in the following areas:
- Data protection audits, health checks and risk assessments
- Information governance and compliance programmes (including training on data protection, FOI, EIR and PSI
- Data security as well as outsourcing, through to international transfers of data (including the use of model clauses, Safe Harbor and Binding Corporate Rules)
- Cyber risks
- Data protection notifications
- Data sharing including legal powers to share data and data sharing agreements
- Privacy notices and policies
- Subject access requests
- FOI and EIR requests, including requests for re-use of information under FOI and PSI
- Data protection complaints
- Appeals and regulatory action by the Information Commissioner and wider litigation (including Judicial Review and Information Tribunal appeals).
Examples of work
A British multinational retailing company
- We advised a British multinational retailing company on the data protection issues associated with a number of significant, high value IT outsourcing and cloud projects. These projects have involved multiple jurisdictions in which the company operate and have created complex cross-border data protection issues that need to be considered and resolved.
FTSE 250 company
- Having been newly appointed to the legal panel in 2014, we have been instructed to advise a FTSE 250 company on its strategy and approach to the use of personal data, including customer data, across the organisation. This is a major project for the company given the size of its customer database and the significance of customer data to the organisation. As part of our role, we have seconded Peter Given (a Managing Associate in our Data Protection team) to the organisation's in-house legal team, where he is operating as an extension of the legal team – advising on changes to European data protection law and providing advice directly to the business on a number of complex data protection issues.
A health body
- We routinely advise a large health body on a range of information governance issues relating to the collection, use and sharing of patient data including legal powers to disclose and share information, data sharing agreements and other legal powers and duties associated with the body’s statutory functions in relation to patient data.
A global retail chain
- Over the past 12 months we have been asked to advise a global retail chain on a number of data protection projects and matters. This included providing bespoke onsite data protection training to the retailer’s IT, procurement, HR and marketing teams. We have also been instructed to advise on and assist with the preparation of a cutting edge approach by the business to delivering privacy notices and information about the retailer’s commitments to privacy to customers through in-store signage.
An American multinational consumer products company
- In recent months we have received data protection instructions from a major multinational consumer products company. The first such instruction related to drafting and advising on an intra-group data processing and sharing agreement between the European entities (circa 70 entities).The number of group entities (together with the wide range of countries in which they are established) presented some interesting challenges, for example, how the agreement could be executed and amended without requiring each entity to sign separately in each instance . Following the conclusion of the above matter, we were asked by the client to advise on another intra-group data protection agreement, this time involving the entities established worldwide. This agreement is intended to cover the cross-border transfer of personal data around the group and is drafted to ensure compliance with European and wider global data protection laws that regulate the cross-border transfer of data.