Our clients include multinational corporates and specialist AI and technology companies operating across a variety of sectors including data governance, fintech, healthcare, retail and hospitality, and telecommunications.
We support companies on digital transformation projects, commercialising emerging data dependent products and services and management of security incidents.
Our work encompasses assessing a breadth of issues, including the acquisition of intellectual property rights in data and technologies and compliance with privacy regulations.
Compliance programs and policies
Data protection compliance is an ongoing requirement and businesses increasingly recognise compliance measures must be monitored and enforced. We assist clients by reviewing current compliance measures, reporting on and implementing measures where enhancements are required.
Data sharing and data processing contracts
We advise on data protection and privacy issues in data sharing arrangements and contracts, advising on obligations under sourcing and other service arrangements, the allocation of liability between parties, negotiating assurances and indemnities concerning privacy and data security and the treatment of consumer and employee data in business and share acquisitions.
Data breach and security incidents
We assist clients in developing and implementing data breach policies and procedures, and provide legal input in supporting security measures, each of which are key elements for demonstrating compliance with privacy regulations. No matter how strong these measures are, data breach incidents can occur, and we assist clients in crisis breaches and analyse the legal implications of such incidents, including requirements for regulatory notifications and liability.
Our team of specialist data protection, privacy and technology lawyers help clients to mitigate and manage cyber risks. On a pre-emptive basis, we advise on regulatory compliance, data audits and security, cyber insurance and developing response plans. If a security incident occurs, including a data breach, our responsive team can help clients with regulatory and customer notifications, communications with law enforcement, issues surrounding confidential information and trade secrets, and the pursuit of the perpetrators of the security incident.
Global data transfers
Sharing EU personal data, whether within a corporate group or with third party service providers, is closely regulated. We help clients with their planning and implementation of cross-border data sharing arrangements of varying complexity. This includes challenging multi-jurisdiction data sharing frameworks involving the flow-down of processor obligations at multiple sub-processor levels.
The GDPR can apply to organisations with no business presence in the European Economic Area (EEA) if they offer goods or services to individuals in the EEA, or if they monitor the behaviour of individuals in the EEA. We assist companies located outside the EEA on the implications of the GDPR’s extra-territorial reach, including the requirement to appoint a GDPR representative in a relevant EU member state, the possible requirement for the appointment of a Data Protection Officer, and other mandatory GDPR obligations which apply when processing EU-governed personal data.
We assist clients, ranging from start-ups to long-established multinationals, on the data protection and privacy aspects of the new technologies they have developed or wish to purchase for their business. We carry out compliance reviews on a wide variety of IoT products and service offerings, including those in the automotive, health, medical and financial sectors, to identify potential legal issues and supply practical solutions.
ePrivacy, direct marketing and cookies
We help clients to structure their advertising and marketing efforts, whether targeting consumers or businesses, across all electronic channels. We advise clients seeking to deploy cookies and similar technologies on users’ devices, including in the context of profiling and online advertising; and guiding clients on the use of location-based technologies.