Data protection and data privacy

We work with clients from a broad range of sectors advising them on all aspects of their data protection compliance. We regularly advise clients on the creation and roll-out of compliance programmes (including audits, the development of policies and documentation and the delivery of training). We regularly advise on the creation of privacy notices, cookie policies, data protection impact assessments and records of processing. We also advise clients on the complexities of international data transfer issues (including intra-group and with service providers).

Our deep experience and expertise in digital and technology feeds into our privacy and data protection work. We frequently advise on cutting-edge privacy and data protection issues involving areas such as AI, immersive technology, digital marketing, adtech and programmatic advertising. We also have particular expertise in advising large entertainment, retail and other consumer facing businesses and global brands on the data privacy implications of their digital transformations.

We work closely with our clients to help them to lawfully collect and process data whilst managing the careful balance between compliance risk and commercial opportunities. We also work closely with our extensive network of independent law firms in other jurisdictions allowing us to support not only clients’ UK but also pan-European and global transactions and operations.

Our data protection advice also includes supporting a large number of clients on the data protection aspects of commercial and corporate transactions, including drafting and negotiating data processing agreements, and supporting with data protection related due diligence for mergers, acquisitions and investments.

Cyber-attacks and data loss are unfortunately common place and a risk to all businesses. We help clients with legal advice in the event of a data breach. We are uniquely placed to do so, combining our data privacy expertise with our extensive experience in the field of reputation management. We advise clients on complying with regulatory obligations including breach notification requirements, communicating with key stakeholders and clients, and dealing with related reputational issues.

We also help clients faced with a wide range of contentious data protection issues, including complaints to the Information Commissioners Office, litigation in the High Court and dealing with contentious data subject access requests. Responding to a subject access request, whether from a customer, ex-employee or potential litigant can be a time-consuming and complex undertaking and we help clients navigate the legal landscape.

Creating the right core team to deal with a data crisis is key, and we are very familiar with working alongside a client’s own in-house legal team, and other advisors such as forensic IT experts, marketing and crisis communications teams. We can also help introduce clients to experts in those fields if required.

Please see our Data litigation, data breaches and cybersecurity page for more details.

• Engadget coverage on cookie consent
• Compliance Week coverage on British Airways data breach class action
• EU adopts UK adequacy decisions allowing free flow of data
• Harbottle & Lewis advises NASDAQ quoted client Take-Two Interactive on its acquisition of Nordeus
• Data & Privacy eBulletin: Spring 2021
• Further safeguards are put in place to protect patients’ confidential information
• Sacha Wilson quoted on BA/Marriott GDPR fines