Data Protection and Privacy Compliance
We specialise in advising on data privacy compliance, from regulatory notifications to business-wide audits. The scope of our work includes advising on data security and data protection regulation, E-commerce law and regulation, the law and regulation of cross border technology outsourcing and, more recently, the data challenges that arise from implementing cloud computing (“Software as a Service”) solutions. We also assist with the handling of data and privacy breaches. We with clients (and their regulators) to resolve incidences of data loss, hacking, employee fraud and other data related compliance failures.
Our experience includes:
- Advising a major US retailer on pan-European data protection audits and compliance programmes;
- Advising a US provider of software for the construction sector on its ongoing data protection audit and compliance programme;
- Advising a number of UK start ups on every aspect of ensuring that their new business complies with the Data Protection Act 1998 and the forthcoming General Data Protection Regulation;
- Advising an international insurance giant on a cross organization data security and protection compliance project. This involved working with legal and compliance teams to formulate data security and data protection compliance policies and then to work with the business stakeholders to ensure that these policies were implemented across their business in the UK. The final stage of the project involved carrying out an audit and reporting on the compliance of each business division;
- Advising a major international energy company on cyber liability issues arising from a data security breach including liaising with the UK regulator in respect of a data protection breach notification;
- Advising a UK insurance company on the legal and regulatory compliance challenges of implementing a cloud computing storage solution;
- Advising a major UK oil and gas company on its second generation global HR outsourcing deal. A significant part of this project was managing and advising on a global data protection compliance project for their human resources business function that involved the off-shoring of personal data of 100,000 employees;
- Advising the US technology arm of an international insurance company on the outsourcing of its UK hosting and data warehousing functions to an international IT supplier;
- Advising two major UK construction companies on the legal, compliance and sales and marketing teams on complying with the Data Protection Act 1998; and
- Advising a large UK supermarket chain on a number of data protection compliance issues including the use of video surveillance systems in their supermarkets.