We help clients to plan and execute their data protection compliance measures, whether by business-wide audits, data mapping and implementation projects, or by assisting with discreet datasets. This includes identifying a dataset's life cycle and reflecting this in public-facing privacy notices, consent-flows, privacy impact assessments, policies and procedures and internal accountability records.
We assist clients to develop and implement data breach policies and procedures, and provide legal input in supporting security measures, each of which are key elements for demonstrating GDPR compliance. No matter how strong these measures are, data breach incidents can occur, and we assist clients in analysing the legal implications of the incident, including requirements for regulatory notifications and liability. Our early engagement in these matters can afford clients the benefit of legal privilege in respect of incident related communications.
Sharing EU personal data, whether within a corporate group or with third party service providers, is closely regulated. We advise on various data sharing arrangements, including the exploitation of big data. We help clients with their planning and implementation of cross-border data sharing arrangements of varying complexity. This includes challenging multi-jurisdiction data sharing frameworks involving the flow-down of processor obligations at multiple sub-processor levels.
We advise on data protection and privacy issues arising from commercial contracts. This includes drafting and negotiating processor obligations under sourcing arrangements and other service contracts, advising on the allocation of liability and indemnities, and the treatment of consumer and employee data in the context of a business or share acquisition.
We assist clients, ranging from start-ups to long-established multinationals, on the data protection and privacy aspects of the new technologies they have developed or wish to purchase for their business. We carry out compliance reviews on a wide variety of IoT products and service offerings, including those in the automotive, health, medical and financial sectors, to identify potential legal issues and supply practical solutions.
We help clients to structure their advertising and marketing efforts across all electronic channels, developing user-centric consent flows and ‘soft opt-in’ alternatives for e-marketing. We advise clients seeking to deploy cookies and similar technologies in the context of profiling and online advertising; and guiding clients on the use of location-based technologies.
Data protection compliance is an ongoing requirement. The principle of accountability, introduced by the GDPR, means that compliance measures must be monitored and enforced. We assist clients by auditing current compliance measures, reporting on and implementing measures where enhancements are required. Our involvement in this process allows clients to leverage legal privilege over all our findings and related communications.
The GDPR can apply to organisations with no business presence in the European Economic Area (EEA) if they offer goods or services to individuals in the EEA, or if they monitor the behaviour of individuals in the EEA. We assist companies located in the United States, Canada, Cayman Islands and other non-EEA locations of the implications of the GDPR’s extra-territorial reach, including the requirement to appoint a GDPR representative in a relevant EU member state, the possible requirement for the appointment of a Data Protection Officer, and other mandatory GDPR obligations which apply when processing EU-governed personal data.
Our information-security team of specialist data, technology, litigation and dispute resolution lawyers help clients to mitigate and manage cyber risks. On a pre-emptive basis, we advise on regulatory compliance, data audits and security, cyber insurance and developing response plans. If a security incident occurs, including a data breach, our responsive team can help clients with regulatory and customer notifications, communications with law enforcement, issues surrounding confidential information and trade secrets, and the pursuit of the perpetrators of the security incident.