Data Privacy

Our Data Privacy group advises a broad range of clients across the world on all aspects of data protection, privacy and managing data risk more generally.

Our global team comprises of 6 leading expert partners, supported by associates and professional support lawyers who specialise in data privacy. As data privacy affects all areas of a business, we also train all of our other lawyers to advise on common data privacy issues within their practice areas.

Through our network of industry experts, regulator contacts and relationship firms across the world, we are always at the forefront of legal developments in Europe and beyond. Our data privacy practice is part of our multi-disciplinary cyber, risk and tech group. We provide clear, pragmatic and timely advice on all aspects of data privacy, from ad hoc GDPR compliance issues to complex global data risk strategic advice.

Our expertise includes advising on:

data compliance strategies, of varying complexity and jurisdictional reach
cyber and data security breaches, including follow-on litigation, customer complaints and class actions
data protection issues arising in M&A, commercial transactions and pension arrangements
non-EU clients on the extra-territorial scope of the GDPR
international transfers of personal data
data protection issues in the context of global investigations and litigation
the privacy implications for tech, such as AI and blockchain, and the impact of future digital regulation on data risk
the exercise of individuals’ rights, including customer and employee subject access requests
data sharing agreements, from simple process agreements to more complex data pooling arrangements and large strategic sourcing arrangements
drafting data protection policies and advising on e-privacy and cookie-related issues
the data protection implications of Brexit
freedom of information legislation

Key experience

A financial services group on a global data breach

We advised a financial services group on a global data breach affecting 500,000 customers and involving regulatory enforcement action. This included providing guidance on worldwide notifications and potential exposure in over 60 jurisdictions in a very short period of time and managing all the different workstreams effectively (including, among others, data privacy, employment, financial regulation, criminal and civil liabilities, contracts and liaising with the police and other regulators).

A multinational telecoms corporation on data protection and privacy obligations

We assisted with a company-wide review of the data protection and privacy obligations of a global corporation with interests in telecommunications, media, IT solutions, property development and investment. The review related to various of its products and internal/external operations and covered the EU, Hong Kong and China.

An insurance client on data use

We advised an insurer on the use of anonymised, pseudonymised and other personal data, including special category data and criminal conviction data, in a data analytics project. This involved structuring the process to incorporate appropriate anonymization and pseudonymisation techniques.