Data privacy and cyber security
We advise clients across a wide range of sectors on all aspects of data protection with much of our current work focused on supporting clients on compliance with the General Data Protection Regulation (GDPR) with its range of severe sanctions for breach.
Our advice on GDPR (and the new UK data protection law once enacted) includes the following key activities:
- enabling clients to baseline their data protection compliance position today;
- supporting clients to identify and prioritise the necessary programme of work to reach compliance by May 2018; and
- assisting with some or all aspects of the programme, including establishing policies, procedures and governance structures to manage compliance both by as well as after the introduction of the change in law.
We advise clients in relation to:
- the creation, storage, security and exploitation of databases in line with applicable regulations;
- remedial steps to bring a database into compliance – for example where it has grown without an adequate system of tracking relevant sources of consent;
- data use and privacy policies;
- privacy by design;
- collection notices and the tracking of consent;
- personal data in the employment context;
- cross-border movement of data, including moves to centralised hosting facilities;
- database acquisition and sale; and
- the management of data loss, including in the UK and US where law enforcement agencies are involved in addition to regulators.