Data Privacy and Cyber Security

We advise clients across a wide range of sectors on all aspects of data protection and cybersecurity and resilience, with much of our current work focused on supporting clients on compliance with the General Data Protection Regulation (GDPR) with its range of strict sanctions for breach.

Our advice on GDPR (and UK data protection law) includes the following key activities:

  • enabling clients to baseline their data protection compliance position today;
  • supporting clients to identify and prioritise the necessary programme of work to reach compliance; and
  • assisting with some or all aspects of the programme, including establishing policies, procedures and governance structures to manage compliance.

We advise clients in relation to:

  • privacy provisions in a range of commercial agreements, including data sharing and joint controller agreements;
  • the creation, storage, security and exploitation of databases in line with applicable regulations;
  • data use and privacy notices including customer facing and employee facing notices;
  • privacy by design;
  • collection notices and the tracking of consent;
  • data subject access requests and communications with the ICO;
  • cross-border movement of data, including moves to centralised hosting facilities and other outsourcing considerations;
  • database acquisitions and sales;
  • compliance with UK NIS Regulations 2018;
  • data security provisions and cyber security compliance in IT and outsourcing agreements;
  • preparation for and responses to digital crises; and
  • the management of data loss, including in the UK and US where law enforcement agencies are involved in addition to regulators.