In the world of technology, data is a key business asset, allowing you to better understand, and interact with, your clients, and to develop new services and products. However, whatever your company’s size, from start-up to multinational, the collection and use of data – particularly personal data – presents significant legal issues. Getting it wrong can have huge financial and reputational implications.
We will work closely with you to help you to lawfully collect and exploit data, and unlock its full potential to achieve your business goals. At the same time, we can help you ensure you have the right policies, processes and security in place to manage the risk of data breaches, misuse, theft and hacking.
Our specialist Data Protection team works at the intersection of technology and law, and can offer you practical advice on all data issues – from complex issues surrounding big data, artificial intelligence, IoT, cloud services, ad tech, blockchain, wearable technology, and augmented and virtual reality, to more straightforward data protection compliance.
Our specialist team can provide you with well-rounded, expert advice on a range of data protection and privacy issues including:
- GDPR and Data Protection Act compliance
- Data protection audits, policies and training
- Data breach management and response, including dealing with the Information Commissioner’s Office
- Online privacy policies, cookies notices and internal data protection policies
- Consent and other lawful bases for data processing
- International data transfers, binding corporate rules and EU model clauses
- Data processor agreements
- Data protection governance and records management
- Data subject access requests
- Compliance with data subject rights
- Data security
- Cookie laws and regulation
- Direct marketing and profiling
- Privacy and Electronic Communications Regulations, and the forthcoming ePrivacy Regulation
- Freedom of Information Act
- Supervisory authority notices and enforcement actions
- Employee monitoring, BYOD policies and processing of special categories of data
- Interception and monitoring of communications
- Data protection aspects of corporate transactions, including mergers and acquisitions
We have advised a New Zealand based leading artificial intelligence technology provider on a variety of data issues surrounding its licensing arrangements with various brand clients.
International marketing technology provider
We have advised an international marketing technology provider on its GDPR compliance project, including auditing the existing data protection compliance of its US and UK offices; advising on lawful bases upon which the company is processing personal data; revising and negotiating contracts with processors; updating consumer-facing privacy policies; drafting internal data protection policies, records of processing activities, DPIA and LIA forms; and advising on legality of international data transfers.
US monitoring service
We guided a US software provider on UK data and privacy laws in anticipation of the proposed consumer launch of its monitoring services in the UK.
Multinational interactive entertainment company
We advised a large interactive entertainment company’s US and Japanese entities on their GDPR preparations, including data collection via its app, games, events and website, and on the implications of, and requirements associated with, collecting, hosting and analysing personal data of children.
Numerous corporate and high-profile individual clients
We routinely advise on strategic and contentious data subject access requests and the matters arising from them, including complaints to the Information Commissioner’s Office. We act for both individuals making requests and organisations who are facing requests in factually complex circumstances such as litigation or as part of a campaign where reputational and privacy issues arise.
Marketing and data analytics
We provide our technology and media clients with guidance on rules relating to direct social media, email, telephone, and postal marketing. We also advise a number of clients who collect and analyse data online, including dealing with issues such as ‘profiling’ and automated decision-making.
We advise our clients on a data protection issues associated with corporate transactions, including due diligence disclosures and negotiation of data protection provisions in business and asset sale agreements.