Data protection and privacy

We specialise in advising on data privacy compliance, from regulatory notifications to business-wide audits.

The scope of our work includes advising on data security and data protection regulation. We also assist with the handling of data breaches including data loss, hacking and employee fraud.

Our experience includes advising:

a major US retailer on pan-European data protection audits and compliance programmes;

a US provider of software for the construction sector on its ongoing data protection audit and compliance programme;

a diverse number of UK start-ups and early stage technology companies on every aspect of ensuring that their new business complies with the General Data Protection Regulation;

an international insurance company on a cross organization data security and protection compliance project. This involved working with legal and compliance teams to formulate data security and data protection compliance policies and then to work with the business stakeholders to ensure that these policies were implemented across their business in the UK. The final stage of the project involved carrying out an audit and reporting on the compliance of each business division;

a major international energy company on cyber liability issues arising from a data security breach including liaising with the UK regulator in respect of a data protection breach notification;

a US financial services company on the notification of a data breach involving the theft of an unencrypted laptop computer;

the US technology arm of an international insurance company on the outsourcing of its UK hosting and data warehousing functions to an international IT supplier;

a global fast service restaurant chain on the data protection issues arising from the outsourcing of its customer relationship management function;

a UK insurance company on the legal and regulatory compliance challenges of implementing a cloud computing storage solution; and

a large UK retailer on a number of data protection compliance issues including the use of video surveillance systems on their premises.