Data Protection

We ask the questions you didn't know you needed to. This helps us spot potential risks and put everything in place to stay compliant with data privacy regulations. We review your current processing activity and procedures and make recommendations to remedy any compliance gaps in a proportionate manner.

Requests for personal information or DSARs are common and can be difficult to handle. Our data protection lawyers can help guide you through the process. In partnership with leading IT services providers, you get a dedicated support team to help reduce time and costs with the right processes and training.

Getting privacy notices and policies right is critical to compliance, especially as privacy notices are public-facing documents and increasingly subject to regulatory scrutiny. We can help you draft these documents and keep them updated as rules or needs change.

When data needs to be shared between parties, the right agreements need to be in place to safeguard your business. Those agreements need to be tailored to the particular context and focus on the right risks. We draft and negotiate data processing agreements and data sharing agreements across a huge number of sectors and contexts.

Data is borderless and most businesses' supply chains will send personal data between jurisdictions at some point. Our team can advise on the safeguards you need to transfer data in a compliant manner.

Understanding the impact of how you process data is the key to safeguarding it. We can help you conduct data protection impact assessments to identify, overcome and manage any potential risks within your business. DPIAs are increasingly key as evidence for regulators to demonstrate your accountability and risk management.

The best way to handle a breach is to be prepared. We can assist you with incident response planning, staff training and reviewing policies and processes. In the event of a breach, our team are only a call away to support with analysis, forensics, reporting obligations, investigations, notifying insurers and remedial action.

Whilst usually only public sector organisations are subject to Freedom of Information (FOI) and Environmental Information Regulations (EIR), if you supply to those organisations, you may need to present to your customer why information related to your business should benefit from an exemption from disclosure under these regulations. You will need to respond quickly, within the statutory period. We can identify any relevant exemption, gather evidence to support its application and present your position to your customer.