Mishcon de Reya page structure
Site header
Main content section
Data

Data

We defend the data rights of businesses and individuals

Data is central to all our lives. Every business, public authority and organisation, collects ever more data about consumers, citizens, contacts and employees – and that volume of data is being assessed in ever faster and more sophisticated ways. Protecting and leveraging data is already central to the success of many businesses and it lies at the core of our data practice.

We help businesses use data throughout their developmental life cycle: building their databases and extracting full value from them, reinforcing their cyber-security position and defending claims and regulatory investigations. We act for investors and sellers, who recognise the value of the data.

We also support individuals who are looking to enforce their data rights, whether it's a claim that a business has exploited personal data in breach of the law, or an individual facing criminal sanctions as a result of claims made against their use of data.

Central to everything we do is understanding the true value of data. Unless we understand the moral and economic pressures on data governance, we cannot properly advise on the law.

We have a full-service data offering, covering litigation, private client and corporate needs, and working together with non-lawyer data protection, data science and cyber experts.

  • Holding government and corporations to account: whether in high-profile cases like Lloyd v Google, or our case seeking to clarify the legal status of the UK's international agreement to transfer bank account details to the United States, through to taking discreet actions to enforce individuals' rights, our data team looks to test the boundaries of data law, while also seeking to pursue more straightforward claims.

  • We assist individuals with making data subject access requests (DSARs) and enforcing their rights at the ICO and in court.

Employee data

  • Employers hold vast amounts of data on their employees, from salaries and bank details to personal information and medical records. Used correctly, this data can enhance business outcomes; to ensure diversity – whether of age, race or ethnicity - or to measure and reduce any gender pay gap. However, data can pose a considerable risk to employers if managed incorrectly. We advise clients on how to minimise risk by adopting the right practices and data management strategies, and we train staff to ensure compliance.

Customer data

  • We advise clients on the rules relating to marketing and how to collect, hold and use consumer data.
  • Using data as a tool to add value during investment rounds, private equity investments or in more traditional M&As, and how to avoid pitfalls when acquiring companies.
  • Structuring ownership so that the value of the company's data is recognised and growth can be planned.
  • We have deep expertise in advising on international data transfers, including handling complex, multi-jurisdictional binding corporate rules (BCRs) and standard contractual clauses, data sharing agreements, and international transfer impact assessments.
  • Responding to DSARs made by individuals.

Our other data services

MDR Cyber

MDRxTech
Work highlights
Work highlight

Assisting clients

Assisting clients in their dealings with the Information Commissioner's Office in connection with potential enforcement action, and in handling subject access requests and refusals to supply personal data, by or to our clients

Work highlight

Online gaming business

Representing a major online gaming business on its multijurisdictional data protection compliance obligations and its handling of personal data in the context of the Data Protection Act, gambling regulation and historic player terms, and under GDPR, as well as on its direct marketing 

Work highlight

Advising an investor

Advising an investor corporate on handling difficult subject access requests made by directors of a hostile target business

Work highlight

Pharmaceutical company

Acting for a pharmaceutical company whose processor suffered a data hack and advising on notification and other GDPR matters

Work highlight

Lloyd v Google

Acting for Richard Lloyd as representative claimant against Google in respect of the 'Safari Workaround', which enabled Google to access iPhone users' surfing histories to serve targeted adverts 

Work highlight

Claimant taxpayer

Advising a claimant taxpayer on a disputed subject matter access request made to HMRC, resulting in his gaining considerable understanding of the internal file structures and processes adopted

Work highlight

Commodities wholesaler

Representing a wholesaler in the commodities market on local compliance considerations across some 30 countries

Work highlight

Recruitment client

Advising on multi-jurisdictional data handling arrangements for a client in the recruitment sector

Data Theft

Learn More

GDPR and Data Protection

Learn more

Dynamic Data Compliance

Find out more
Services
Sectors
Latest
Abstract - consulation on AI News

ICO recommends compensation awards in criminal prosecution case

Data protection News

Jon Baines comments on the Data Protection and Digital Information Bill

Cyber security data protection News

The Data Protection and Digital Information Bill – an initial view

Jon Baines, Data Protection Advisor, Dispute Resolution News

Jon Baines on the Government's response to PACAC recommendations for Open Democracy

data-adequacy-deal News

Ashley Winton comments on 'in-principle' data adequacy deal with South Korea

mishcon-de-reya-pro-bono News

Mishcon de Reya acts pro bono for Criminal Bar Association

Podcast

UK Data Reform - what's being proposed?

data-reform-for-charities News

Data reform - new fundraising opportunities for charities and non-profits

News

ICO to keep money from UK GDPR fines

News

Mishcon de Reya successfully acts for editor of Disability News Service in data protection matter

News

ICO reprimands Cabinet Office, UKIP, CPS and others for data protection contraventions

News

New claim against Google and DeepMind Technologies for unauthorised use of confidential medical records

News

Jon Baines on the Freedom of Information Act for The Times

News

Commons Committee report on Cabinet Office FOI “Clearing House”

News

Increase in maximum financial penalties for data breaches in Singapore

News

Publication of Guide to Data as a Critical Asset

News

FOI enforcement starts to get serious?

News

Failure to comply with FOI notice is contempt of court

News

ICO promises to address FOI failings, in response to Open Letter

News

Cyber-attack prevention and mitigation – what to do before and after a security breach

News

Adam Rose in Financial Times on GDPR compliance changes post-Brexit

News

Overwhelmed by data regulation? Hub Plus could be your solution.

News

Richard Leedham features in The Lawyer’s 2022 case watchlist

Video

FATCA: Is privacy catching up? A lesson from recent court cases

Video

Mishcon Academy Digital Session: Dispute Resolution in the Metaverse

News

Data ethics concerns halt academic study into subject access requests

News

Amendment of unlawful "immigration exemption" of Data Protection Act 2018

News

Facial recognition technology – the risks and how to avoid them

Event

FATCA - Is Privacy catching up? A lesson from recent court cases

News

The developing law on data protection group claims

News

The global reach of English Law

News

GDPR claim filed against HMRC on behalf of client impacted by FATCA

News

Data protection damages and "minimal breaches"

News

Campaign for Freedom of Information seeks urgent funds

News

Facial recognition technology in schools

News

Financial regulation adapts to new developments in financial technology: Banks beware!

News

DCMS concedes that reappointment of Information Commissioner was unlawful

News

Consultation opens on the Government's data reform plans

News

A new data protection regime and Information Commissioner for the UK

News

Warren v DSG shows High Court applying laser focus to databreach claim

News

Mishcon acts for editor of Disability News Service in data protection matter

News

Jon Baines on the UK’s data-protection regime for Public Technology

News

GDPR "Adequacy" status conferred on UK

GDPR News

Brexit and Data Protection

News

ICO Opinion on live facial recognition

News

Heathrow Airport not subject to Environmental Information Regulations, says Tribunal

News

The Children's Code: Are you ready to comply?

News

Red Flag - the new Standard Contractual Clauses for data export may not work for you

Podcast

Initial Reactions: New Standard Contractual Clauses from the European Commission Heralds a New Dawn for Data Transfers

News

ICO Code of Practice sets out best practices for data sharing

News

European Court of Justice hands down decision on INTERPOL Red Notices, double jeopardy and personal data

News

Article 27 representatives not liable under GDPR, says High Court

News

Data Protection Act immigration exemption is unlawful, rules Court of Appeal

News

Damages claims for mass data breaches: UK and european perspectives

News

New EDPB Guidelines on targeted advertising to social media users

News

Anne Rose and Oliver Millichap contribute a chapter on direct marketing to Practical Law

News

Filippo Noseda at STEP Geneva on "Public Registers of Beneficial Ownership – Here to Stay?”

News

Google's appeal in a landmark data protection case begins in the Supreme Court

News

Football Dataco / Genius v Sportradar: latest claims bring in scouts as representative defendants

News

Mishcon de Reya's new Innovation department launches with two new Partner Hires

News

Mishcon Private Equity advise founders and management on the secondary buy-out of Xceptor

Podcast

M:Tech Talks – Minesh Patel, Amplifi

News

Employee health data in the age of COVID-19

Video

Mishcon Academy: Digital Sessions – Self-reporting to Regulators – advantages, imperatives and pitfalls

News

Making the most of a bad thing – using public data breaches for good

News

Collective GDPR claims – is the route forward through the CPR?

Event

Mishcon Academy: Digital Sessions - Self-reporting to Regulators: from regulatory shortcomings to data breaches, and back again

News

Mishcon's new "UK GDPR" pages

News

Mishcon de Reya teams up with The Privacy Compliance Hub

News

Draft data adequacy decisions confirmed

News

High Court dismisses claims for recovery of advertising costs in group litigation

News

Data protection adequacy imminent for UK?

News

Jon Baines featured in an inews article about the Freedom of Information Act

News

The changing face of beauty tech

News

The EU/UK Trade and Cooperation Agreement: Digital Trade

News

ICO Employment Practices Code to be updated

News

New EU rules on consumer representative actions

Podcast

M:Tech Talks – Nodar Daneliya, Synth

News

Sports data and sports betting: competition and private law rights arguments to be aired in Sportradar dispute

News

Mishcon de Reya files GDPR Complaint with Luxembourg National Data Protection Committee (CNPD)

News

Windrush landing cards destruction: did the Home Office meet its data obligations?

News

Mishcon de Reya acts for students challenging the International Baccalaureate awards

News

Jon Baines discusses the impact of Brexit on GDPR in Wired

News

Guidance on international data transfers following Schrems II

Video

Mishcon Academy: Digital Sessions – Workplaces of the Future

News

Does Whitehall’s FOI process break data protection law?

News

Jon Baines contributes to new report, 'The Cost of Data Inadequacy'

Video

Mishcon Academy: Digital Sessions - Brexit: Data Protection Implications

News

ICO Guidance on Subject Access Requests

News

Propertyshe Perspectives: living in the time of COVID-19 uncertainty

Event

Mishcon Academy: Digital Sessions - Brexit: Data Protection Implications

News

Call recording – consent is not normally required

News

One in three personal data breaches are reported “late” to ICO

News

ICO's £18.4m fine against Marriott: a salutary reminder when conducting due diligence

News

ICO Innovation Hub and the MHRA

Event

The Personal Implications of Managing Cyber Security

News

ICO slashes British Airways GDPR fine to £20m from proposed £183m

News

Mishcon de Reya launches new digital transformation consultancy MDRxTech

News

Fitness and Health Tech: Rise of the wearables

News

Further delay in proposed ICO GDPR fine for Marriott

News

Technology and the future of healthcare

News

Jon Baines provides foreword to new published study on GDPR in Government

News

Sharing (data) is not always caring

News

UK Government explores the AI labour market

News

Jon Baines in Times Educational Supplement on potential challenge to International Baccalaureate awards

News

Age Appropriate Design Code in force on 2 September 2020: Companies have 12 months to prepare

News

Web 3.0 – an intelligent, connected, open internet

News

Will ICO have to investigate the International Baccalaureate algorithm?

News

Filippo Noseda discusses FATCA in Bloomberg

News

Is "Big Tech" facing multiple showdowns with the EDPB?

News

GDR: Third time lucky for EU/US data transfer deal?

News

Why Morrisons isn’t the end of the data claims story

News

Adam Rose in Forbes on Standard Contractual Clauses

News

GDR: Third time lucky for EU/US data transfer deal?

News

A-level results 2020: how historic data protection could impact modern appeals

News

"Should personal financial data be sent to foreign tax authorities?" – Filippo Noseda discusses FATCA in The Economist

News

Potential data protection challenges to A-level results

Adam Rose News

Adam Rose explains Standard Contractual Clauses in Digiday

News

Jon Baines discusses ICO fines in The Register

News

British Airways hints at massive reduction in proposed GDPR fine

News

Sending real estate data to the US and other non-EEA countries is now a major challenge

News

Tom Grogan speaks on CW webinar on post-COVID digital transformation

News

Schrems II – sending data to the US (and other non-EEA countries) is now a major challenge

Podcast

Mishcon Accumulator Podcast: Data Protection Code of Conduct

News

Adam Rose discusses significance of Schrems ruling in Global Legal Post

Mishcon Academy: Digital Sessions - The Schrems II judgment and the future of free movement of data Video

Mishcon Academy: Digital Sessions - The Schrems II judgment and the future of free movement of data

News

The Schrems II judgment and the future of free movement of data

News

European Commission issues updated Stakeholder Notice on data protection

News

Data leaks in sports

News

Sian Harding and Tom Grogan published in SCL Student Bytes

News

Nicola Vinovrški discusses the big data breach landscape in Journal of International Banking Law and Regulation

News

The Caldicott Principles – are they good enough?

News

CCPA - California's new data protection law is now enforceable

GDPR News

Commission evaluation report of GDPR: a good start, but areas for improvement

News

Dubai International Financial Centre launches new Data Protection Law

News

How should organisations plan for public data leaks?

News

The EGBA publishes code of conduct on data protection in online gambling

News

Hospitality sector faces major data protection challenges as lockdown relaxes

News

Age Appropriate Design Code laid before Parliament

News

Immigration and artificial intelligence: a 'digital hostile environment'?

News

European Commission launches consultation on online regulation and new competition tool

Podcast

Mishcon Academy: Digital Sessions podcast – GDPR 2 years on

News

Data Protection Impact Assessments (DPIAs): critical in the next phase of our "new normal"

News

Jon Baines discusses the NHS COVID-19 contact tracing app in Wired

News

ICO appears to announce yet further delays to BA and Marriott investigations

News

COVID-19: ICO issues statement on its regulatory approach

News

COVID-19: Securing the remote worker

News

Morrisons found not liable for rogue employee's data leak

News

Supreme Court rules Morrisons was not liable for 2014 data breach

News

Further delays to ICO proposed fines for BA and Marriott

News

How to sign documents during the COVID-19 "lockdown" – a guide to signing electronically

News

Data protection: UK Government sets out its position on "essential equivalence" between the UK and EU

News

GDPR "reprimands" – an extra compliance and reputational risk for organisations

News

Data protection: solicitors' paper files were not a 'relevant filing system'

News

COVID-19 and ICO's proposed fines for BA and Marriott

News

Filippo Noseda contributes to The Wealth Report 2020 by Knight Frank

News

Joe Hancock comments on the Virgin Data Breach on LBC

News

European Commission announces need for AI law

News

FCA suffers data breach affecting 1600 complainants

News

Are fashion brands being transparent about data?

News

Heathrow Airport Limited ruled to be a public authority for information-access regime

News

Jon Baines to join ICO panel judging Data Protection Officer of the Year

News

Data Protection in the transition period

Brexit: navigating the transition period News

Brexit: navigating the transition period

News

Joe Hancock comments on Huawei 5G decision

Children's data protection rights: a data protection casualty? News

Children's data protection rights: a data protection casualty?

News

Jon Baines in Campaign on ICO fines

News

ICO publishes Age Appropriate Design Code

News

Jon Baines quoted in GDR News

News

Regulators begin to set boundaries for Artificial Intelligence

News

ICO agrees delay over GDPR fines with both BA and Marriott

News

Sportsbiz: the most important trends of 2019 & what to expect in 2020

News

Advocate General delivers Opinion on standard contractual clauses for international data transfers

News

ICO issues first fine under GDPR to London pharmacy

News

Adam Rose comments on the CMA's digital advertising report on Radio 4 Today programme

US Privacy shield and transfer of personal data for pharmaceutical research - What's changed? News

US Privacy shield and transfer of personal data for pharmaceutical research - What's changed?

News

ICO has issued only 3 notices of intent to serve GDPR fines

News

€9.5m GDPR fine to German telco for insecure customer authentication

News

ICO to write to all UK companies asking for data protection fee

News

German Data Protection regulator fines real estate company millions for 'data cemetery'

News

Storm clouds brewing for Google?

News

Might BA and Marriott avoid their GDPR fines?

News

No direct liability for EU representatives under GDPR, says EDPB

News

Google's latest acquisition: more than just a bit of data…

News

MDR Cyber comments on the large scale cyber-attack in Georgia

News

Jon Baines in The Times Letters

News

Data protection claims: A green light for representative actions

The unsteady rise of UK group actions News

The unsteady rise of UK group actions

No deal Brexit and data protection News

No Deal Brexit and Data Protection

The Economist: America’s notorious tax-compliance law faces another challenge News

The Economist: America’s notorious tax-compliance law faces another challenge

The Duchess of Sussex announces she is suing The Mail on Sunday: Emma Woollcott comments News

The Duchess of Sussex announces she is suing The Mail on Sunday: Emma Woollcott comments

Lloyd v Google Court of Appeal judgment News

Lloyd v Google Court of Appeal judgment

Google wins right to be forgotten case News

Google wins right to be forgotten case

News

ICO intending to fine BA and Marriott International

Boris Johnson and GDPR News

Boris Johnson and GDPR

Event

Shaping Cities – The Future of Mobility

News

La Liga Fined €250,000 For Spying On App Users To Crack Down On Illegal Streams

Anne Rose on applying GDPR and PECR to the sports sector News

Anne Rose on applying GDPR and PECR to the sports sector

Mishcon NOTLaw - The Art & Science of Successful M&A Event

Mishcon NOTLaw - The Art & Science of Successful M&A

Retail: An industry in flux Event

Retail: An industry in flux

“Computer says no” - data protection and reasonable adjustments News

“Computer says no” - data protection and reasonable adjustments

Shaping Cities: The Changing Face of Retail Video

Shaping Cities: The Changing Face of Retail

First UK enforcement action under GDPR and the new Data Protection Act News

First UK enforcement action under GDPR and the new Data Protection Act

Cities of tomorrow: intelligent, sustainable and data driven Video

Cities of tomorrow: intelligent, sustainable and data driven

FUTURE: PropTech 2018 - Keynote by Nick Kirby Video

FUTURE: PropTech 2018 - Keynote by Nick Kirby

GDPR Video

What is GDPR?

GDPR Video

GDPR - What are your rights?

GDPR Video

GDPR - What are your obligations?

General Data Protection Regulation and Cyber Security Event

General Data Protection Regulation and Cyber Security

Significant data breach leads to an undertaking, not a fine News

Significant data breach leads to an undertaking, not a fine

Brexit: the potential impact Publication

Brexit: the potential impact

News

LGBT Asylum: In Conversation with the UK Border Agency

News

Mishcon de Reya climbs to 15th in the Financial Times Innovative Lawyers Top 50

How can we help you?
Help

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

Crisis Hotline

I'm a client

I'm looking for advice

Something else