Data

Data

We defend the data rights of businesses and individuals

Data is central to all our lives. Every business, public authority and organisation, collects ever more data about consumers, citizens, contacts and employees – and that volume of data is being assessed in ever faster and more sophisticated ways. Protecting and leveraging data is already central to the success of many businesses and it lies at the core of our data practice.

We help businesses use data throughout their developmental life cycle: building their databases and extracting full value from them, reinforcing their cyber-security position and defending claims and regulatory investigations. We act for investors and sellers, who recognise the value of the data.

We also support individuals who are looking to enforce their data rights, whether it's a claim that a business has exploited personal data in breach of the law, or an individual facing criminal sanctions as a result of claims made against their use of data.

Central to everything we do is understanding the true value of data. Unless we understand the moral and economic pressures on data governance, we cannot properly advise on the law.

We have a full-service data offering, covering litigation, private client and corporate needs, and working together with non-lawyer data protection, data science and cyber experts.

  • Holding government and corporations to account: whether in high-profile cases like Lloyd v Google, or our case seeking to clarify the legal status of the UK's international agreement to transfer bank account details to the United States, through to taking discreet actions to enforce individuals' rights, our data team looks to test the boundaries of data law, while also seeking to pursue more straightforward claims.

  • We assist individuals with making data subject access requests (DSARs) and enforcing their rights at the ICO and in court.

Employee data

  • Employers hold vast amounts of data on their employees, from salaries and bank details to personal information and medical records. Used correctly, this data can enhance business outcomes; to ensure diversity – whether of age, race or ethnicity - or to measure and reduce any gender pay gap. However, data can pose a considerable risk to employers if managed incorrectly. We advise clients on how to minimise risk by adopting the right practices and data management strategies, and we train staff to ensure compliance.

Customer data

  • We advise clients on the rules relating to marketing and how to collect, hold and use consumer data.
  • Using data as a tool to add value during investment rounds, private equity investments or in more traditional M&As, and how to avoid pitfalls when acquiring companies.
  • Structuring ownership so that the value of the company's data is recognised and growth can be planned.
  • We have deep expertise in advising on international data transfers, including handling complex, multi-jurisdictional binding corporate rules (BCRs) and standard contractual clauses, data sharing agreements, and international transfer impact assessments.
  • Responding to DSARs made by individuals.

Our other data services

MDR Cyber

MDRxTECH

Work highlights

Work highlight

Assisting clients

Assisting clients in their dealings with the Information Commissioner's Office in connection with potential enforcement action, and in handling subject access requests and refusals to supply personal data, by or to our clients

Work highlight

Online gaming business

Representing a major online gaming business on its multijurisdictional data protection compliance obligations and its handling of personal data in the context of the Data Protection Act, gambling regulation and historic player terms, and under GDPR, as well as on its direct marketing 

Work highlight

Advising an investor

Advising an investor corporate on handling difficult subject access requests made by directors of a hostile target business

Work highlight

Pharmaceutical company

Acting for a pharmaceutical company whose processor suffered a data hack and advising on notification and other GDPR matters

Work highlight

Lloyd v Google

Acting for Richard Lloyd as representative claimant against Google in respect of the 'Safari Workaround', which enabled Google to access iPhone users' surfing histories to serve targeted adverts 

Work highlight

Claimant taxpayer

Advising a claimant taxpayer on a disputed subject matter access request made to HMRC, resulting in his gaining considerable understanding of the internal file structures and processes adopted

Work highlight

Commodities wholesaler

Representing a wholesaler in the commodities market on local compliance considerations across some 30 countries

Work highlight

Recruitment client

Advising on multi-jurisdictional data handling arrangements for a client in the recruitment sector

Data Theft

Learn More

GDPR and Data Protection

Learn more

Dynamic Data Compliance

Find out more

Latest
News

Public Registers of Beneficial Ownership

21 Jan 2022

News

Richard Leedham features in The Lawyer’s 2022 case watchlist

12 Jan 2022

Media

FATCA: Is privacy catching up? A lesson from recent court cases

5 Jan 2022

Media

Mishcon Academy Digital Session: Dispute Resolution in the Metaverse

4 Jan 2022

News

Data ethics concerns halt academic study into subject access requests

21 Dec 2021

News

Amendment of unlawful "immigration exemption" of Data Protection Act 2018

15 Dec 2021

News

Facial recognition technology – the risks and how to avoid them

2 Dec 2021

Event

FATCA - Is Privacy catching up? A lesson from recent court cases

17 Nov 2021

News

The developing law on data protection group claims

10 Nov 2021

News

The global reach of English Law

3 Nov 2021

News

GDPR claim filed against HMRC on behalf of client impacted by FATCA

27 Oct 2021

News

Data protection damages and "minimal breaches"

27 Oct 2021

News

Campaign for Freedom of Information seeks urgent funds

20 Oct 2021

News

Facial recognition technology in schools

19 Oct 2021

News

Confidential medical records at the centre of a new claim against Google

30 Sep 2021

News

Financial regulation adapts to new developments in financial technology: Banks beware!

24 Sep 2021

News

DCMS concedes that reappointment of Information Commissioner was unlawful

16 Sep 2021

News

Consultation opens on the Government's data reform plans

10 Sep 2021

News

A new data protection regime and Information Commissioner for the UK

26 Aug 2021

News

Warren v DSG shows High Court applying laser focus to databreach claim

12 Aug 2021

News

Mishcon acts for editor of Disability News Service in data protection matter

6 Aug 2021

News

Jon Baines on the UK’s data-protection regime for Public Technology

20 Jul 2021

News

GDPR "Adequacy" status conferred on UK

28 Jun 2021

GDPR
News

Brexit and Data Protection

28 Jun 2021

News

ICO Opinion on live facial recognition

24 Jun 2021

News

Heathrow Airport not subject to Environmental Information Regulations, says Tribunal

23 Jun 2021

News

The Children's Code: Are you ready to comply?

22 Jun 2021

News

Red Flag - the new Standard Contractual Clauses for data export may not work for you

9 Jun 2021

Media

Initial Reactions: New Standard Contractual Clauses from the European Commission Heralds a New Dawn for Data Transfers

4 Jun 2021

News

ICO Code of Practice sets out best practices for data sharing

2 Jun 2021

News

European Court of Justice hands down decision on INTERPOL Red Notices, double jeopardy and personal data

2 Jun 2021

News

Article 27 representatives not liable under GDPR, says High Court

1 Jun 2021

News

Data Protection Act immigration exemption is unlawful, rules Court of Appeal

26 May 2021

News

Damages claims for mass data breaches: UK and european perspectives

21 May 2021

News

New EDPB Guidelines on targeted advertising to social media users

19 May 2021

News

Anne Rose and Oliver Millichap contribute a chapter on direct marketing to Practical Law

5 May 2021

News

Filippo Noseda at STEP Geneva on "Public Registers of Beneficial Ownership – Here to Stay?”

30 Apr 2021

News

Google's appeal in a landmark data protection case begins in the Supreme Court

28 Apr 2021

News

Football Dataco / Genius v Sportradar: latest claims bring in scouts as representative defendants

23 Apr 2021

News

Mishcon de Reya's new Innovation department launches with two new Partner Hires

12 Apr 2021

News

Mishcon Private Equity advise founders and management on the secondary buy-out of Xceptor

1 Apr 2021

Media

M:Tech Talks – Minesh Patel, Amplifi

25 Mar 2021

News

Employee health data in the age of COVID-19

23 Mar 2021

Media

Mishcon Academy: Digital Sessions – Self-reporting to Regulators – advantages, imperatives and pitfalls

17 Mar 2021

News

Making the most of a bad thing – using public data breaches for good

4 Mar 2021

News

Collective GDPR claims – is the route forward through the CPR?

1 Mar 2021

Event

Mishcon Academy: Digital Sessions - Self-reporting to Regulators: from regulatory shortcomings to data breaches, and back again

26 Feb 2021

News

Mishcon's new "UK GDPR" pages

23 Feb 2021

News

Mishcon de Reya teams up with The Privacy Compliance Hub

22 Feb 2021

News

Draft data adequacy decisions confirmed

22 Feb 2021

News

High Court dismisses claims for recovery of advertising costs in group litigation

17 Feb 2021

News

Data protection adequacy imminent for UK?

15 Feb 2021

News

Jon Baines featured in an inews article about the Freedom of Information Act

10 Feb 2021

News

The changing face of beauty tech

5 Feb 2021

News

The EU/UK Trade and Cooperation Agreement: Digital Trade

21 Jan 2021

News

ICO Employment Practices Code to be updated

19 Jan 2021

News

New EU rules on consumer representative actions

11 Jan 2021

Media

M:Tech Talks – Nodar Daneliya, Synth

6 Jan 2021

News

Sports data and sports betting: competition and private law rights arguments to be aired in Sportradar dispute

23 Dec 2020

News

Mishcon de Reya files GDPR Complaint with Luxembourg National Data Protection Committee (CNPD)

15 Dec 2020

News

Windrush landing cards destruction: did the Home Office meet its data obligations?

15 Dec 2020

News

Mishcon de Reya acts for students challenging the International Baccalaureate awards

14 Dec 2020

News

Jon Baines discusses the impact of Brexit on GDPR in Wired

9 Dec 2020

News

Guidance on international data transfers following Schrems II

4 Dec 2020

Media

Mishcon Academy: Digital Sessions – Workplaces of the Future

1 Dec 2020

News

Does Whitehall’s FOI process break data protection law?

26 Nov 2020

News

Jon Baines contributes to new report, 'The Cost of Data Inadequacy'

23 Nov 2020

Media

Mishcon Academy: Digital Sessions - Brexit: Data Protection Implications

19 Nov 2020

News

ICO Guidance on Subject Access Requests

16 Nov 2020

News

Propertyshe Perspectives: living in the time of COVID-19 uncertainty

9 Nov 2020

Event

Mishcon Academy: Digital Sessions - Brexit: Data Protection Implications

9 Nov 2020

News

Call recording – consent is not normally required

5 Nov 2020

News

One in three personal data breaches are reported “late” to ICO

4 Nov 2020

News

ICO's £18.4m fine against Marriott: a salutary reminder when conducting due diligence

2 Nov 2020

News

ICO Innovation Hub and the MHRA

2 Nov 2020

Event

The Personal Implications of Managing Cyber Security

21 Oct 2020

News

ICO slashes British Airways GDPR fine to £20m from proposed £183m

21 Oct 2020

News

Mishcon de Reya launches new digital transformation consultancy MDRxTECH

19 Oct 2020

News

Fitness and Health Tech: Rise of the wearables

5 Oct 2020

News

Further delay in proposed ICO GDPR fine for Marriott

2 Oct 2020

News

Technology and the future of healthcare

11 Sep 2020

News

Jon Baines provides foreword to new published study on GDPR in Government

8 Sep 2020

News

Sharing (data) is not always caring

8 Sep 2020

News

UK Government explores the AI labour market

7 Sep 2020

News

Jon Baines in Times Educational Supplement on potential challenge to International Baccalaureate awards

4 Sep 2020

News

Age Appropriate Design Code in force on 2 September 2020: Companies have 12 months to prepare

2 Sep 2020

News

Web 3.0 – an intelligent, connected, open internet

1 Sep 2020

News

Will ICO have to investigate the International Baccalaureate algorithm?

28 Aug 2020

News

Filippo Noseda discusses FATCA in Bloomberg

26 Aug 2020

News

Is "Big Tech" facing multiple showdowns with the EDPB?

25 Aug 2020

News

GDR: Third time lucky for EU/US data transfer deal?

24 Aug 2020

News

Why Morrisons isn’t the end of the data claims story

20 Aug 2020

News

Adam Rose in Forbes on Standard Contractual Clauses

19 Aug 2020

News

GDR: Third time lucky for EU/US data transfer deal?

17 Aug 2020

News

A-level results 2020: how historic data protection could impact modern appeals

14 Aug 2020

News

"Should personal financial data be sent to foreign tax authorities?" – Filippo Noseda discusses FATCA in The Economist

14 Aug 2020

News

Potential data protection challenges to A-level results

13 Aug 2020

Adam Rose
News

Adam Rose explains Standard Contractual Clauses in Digiday

10 Aug 2020

News

Jon Baines discusses ICO fines in The Register

6 Aug 2020

News

British Airways hints at massive reduction in proposed GDPR fine

31 Jul 2020

News

Sending real estate data to the US and other non-EEA countries is now a major challenge

30 Jul 2020

News

Tom Grogan speaks on CW webinar on post-COVID digital transformation

29 Jul 2020

News

Schrems II – sending data to the US (and other non-EEA countries) is now a major challenge

29 Jul 2020

Media

Mishcon Accumulator Podcast: Data Protection Code of Conduct

28 Jul 2020

News

Adam Rose discusses significance of Schrems ruling in Global Legal Post

22 Jul 2020

Mishcon Academy: Digital Sessions - The Schrems II judgment and the future of free movement of data
Media

Mishcon Academy: Digital Sessions - The Schrems II judgment and the future of free movement of data

16 Jul 2020

News

The Schrems II judgment and the future of free movement of data

15 Jul 2020

News

European Commission issues updated Stakeholder Notice on data protection

14 Jul 2020

News

Data leaks in sports

8 Jul 2020

News

Sian Harding and Tom Grogan published in SCL Student Bytes

7 Jul 2020

News

Nicola Vinovrški discusses the big data breach landscape in Journal of International Banking Law and Regulation

6 Jul 2020

News

The Caldicott Principles – are they good enough?

6 Jul 2020

News

CCPA - California's new data protection law is now enforceable

1 Jul 2020

GDPR
News

Commission evaluation report of GDPR: a good start, but areas for improvement

1 Jul 2020

News

Dubai International Financial Centre launches new Data Protection Law

26 Jun 2020

News

How should organisations plan for public data leaks?

26 Jun 2020

News

The EGBA publishes code of conduct on data protection in online gambling

24 Jun 2020

News

Hospitality sector faces major data protection challenges as lockdown relaxes

24 Jun 2020

News

Age Appropriate Design Code laid before Parliament

23 Jun 2020

News

Immigration and artificial intelligence: a 'digital hostile environment'?

22 Jun 2020

News

European Commission launches consultation on online regulation and new competition tool

3 Jun 2020

Media

Mishcon Academy: Digital Sessions podcast – GDPR 2 years on

2 Jun 2020

News

Data Protection Impact Assessments (DPIAs): critical in the next phase of our "new normal"

13 May 2020

News

Jon Baines discusses the NHS COVID-19 contact tracing app in Wired

13 May 2020

News

ICO appears to announce yet further delays to BA and Marriott investigations

12 May 2020

News

COVID-19: ICO issues statement on its regulatory approach

16 Apr 2020

News

COVID-19: Securing the remote worker

8 Apr 2020

News

Morrisons found not liable for rogue employee's data leak

6 Apr 2020

News

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

News

Further delays to ICO proposed fines for BA and Marriott

31 Mar 2020

News

How to sign documents during the COVID-19 "lockdown" – a guide to signing electronically

26 Mar 2020

News

Data protection: UK Government sets out its position on "essential equivalence" between the UK and EU

25 Mar 2020

News

GDPR "reprimands" – an extra compliance and reputational risk for organisations

17 Mar 2020

News

Data protection: solicitors' paper files were not a 'relevant filing system'

16 Mar 2020

News

COVID-19 and ICO's proposed fines for BA and Marriott

16 Mar 2020

News

Filippo Noseda contributes to The Wealth Report 2020 by Knight Frank

10 Mar 2020

News

Joe Hancock comments on the Virgin Data Breach on LBC

9 Mar 2020

News

European Commission announces need for AI law

27 Feb 2020

News

FCA suffers data breach affecting 1600 complainants

26 Feb 2020

News

Are fashion brands being transparent about data?

24 Feb 2020

News

Heathrow Airport Limited ruled to be a public authority for information-access regime

12 Feb 2020

News

Jon Baines to join ICO panel judging Data Protection Officer of the Year

6 Feb 2020

News

Data Protection in the transition period

5 Feb 2020

Brexit: navigating the transition period
News

Brexit: navigating the transition period

4 Feb 2020

News

Joe Hancock comments on Huawei 5G decision

29 Jan 2020

Children's data protection rights: a data protection casualty?
News

Children's data protection rights: a data protection casualty?

28 Jan 2020

News

Jon Baines in Campaign on ICO fines

22 Jan 2020

News

ICO publishes Age Appropriate Design Code

22 Jan 2020

News

Jon Baines quoted in GDR News

10 Jan 2020

News

Regulators begin to set boundaries for Artificial Intelligence

8 Jan 2020

News

ICO agrees delay over GDPR fines with both BA and Marriott

3 Jan 2020

News

Sportsbiz: the most important trends of 2019 & what to expect in 2020

31 Dec 2019

News

Advocate General delivers Opinion on standard contractual clauses for international data transfers

20 Dec 2019

News

ICO issues first fine under GDPR to London pharmacy

20 Dec 2019

News

Adam Rose comments on the CMA's digital advertising report on Radio 4 Today programme

19 Dec 2019

US Privacy shield and transfer of personal data for pharmaceutical research - What's changed?
News

US Privacy shield and transfer of personal data for pharmaceutical research - What's changed?

16 Dec 2019

News

ICO has issued only 3 notices of intent to serve GDPR fines

10 Dec 2019

News

€9.5m GDPR fine to German telco for insecure customer authentication

9 Dec 2019

News

ICO to write to all UK companies asking for data protection fee

4 Dec 2019

News

German Data Protection regulator fines real estate company millions for 'data cemetery'

22 Nov 2019

News

Storm clouds brewing for Google?

20 Nov 2019

News

Might BA and Marriott avoid their GDPR fines?

20 Nov 2019

News

No direct liability for EU representatives under GDPR, says EDPB

15 Nov 2019

News

Google's latest acquisition: more than just a bit of data…

5 Nov 2019

News

MDR Cyber comments on the large scale cyber-attack in Georgia

31 Oct 2019

News

Jon Baines in The Times Letters

30 Oct 2019

News

Data protection claims: A green light for representative actions

30 Oct 2019

The unsteady rise of UK group actions
News

The unsteady rise of UK group actions

10 Oct 2019

No deal Brexit and data protection
News

No Deal Brexit and Data Protection

7 Oct 2019

The Economist: America’s notorious tax-compliance law faces another challenge
News

The Economist: America’s notorious tax-compliance law faces another challenge

4 Oct 2019

The Duchess of Sussex announces she is suing The Mail on Sunday: Emma Woollcott comments
News

The Duchess of Sussex announces she is suing The Mail on Sunday: Emma Woollcott comments

2 Oct 2019

Lloyd v Google Court of Appeal judgment
News

Lloyd v Google Court of Appeal judgment

2 Oct 2019

Google wins right to be forgotten case
News

Google wins right to be forgotten case

25 Sep 2019

News

ICO intending to fine BA and Marriott International

12 Jul 2019

Boris Johnson and GDPR
News

Boris Johnson and GDPR

24 Jun 2019

Event

Shaping Cities – The Future of Mobility

19 Jun 2019

News

La Liga Fined €250,000 For Spying On App Users To Crack Down On Illegal Streams

14 Jun 2019

Anne Rose on applying GDPR and PECR to the sports sector
News

Anne Rose on applying GDPR and PECR to the sports sector

15 May 2019

Mishcon NOTLaw - The Art & Science of Successful M&A
Event

Mishcon NOTLaw - The Art & Science of Successful M&A

9 May 2019

Retail: An industry in flux
Event

Retail: An industry in flux

23 Apr 2019

“Computer says no” - data protection and reasonable adjustments
News

“Computer says no” - data protection and reasonable adjustments

5 Mar 2019

Shaping Cities: The Changing Face of Retail
Media

Shaping Cities: The Changing Face of Retail

14 Dec 2018

First UK enforcement action under GDPR and the new Data Protection Act
News

First UK enforcement action under GDPR and the new Data Protection Act

19 Sep 2018

Cities of tomorrow: intelligent, sustainable and data driven
Media

Cities of tomorrow: intelligent, sustainable and data driven

2 May 2018

FUTURE: PropTech 2018 - Keynote by Nick Kirby
Media

FUTURE: PropTech 2018 - Keynote by Nick Kirby

2 May 2018

GDPR
Media

What is GDPR?

27 Mar 2018

GDPR
Media

GDPR - What are your rights?

27 Mar 2018

GDPR
Media

GDPR - What are your obligations?

27 Mar 2018

General Data Protection Regulation and Cyber Security
Event

General Data Protection Regulation and Cyber Security

30 Aug 2017

Significant data breach leads to an undertaking, not a fine
News

Significant data breach leads to an undertaking, not a fine

4 Jul 2017

Brexit: the potential impact
Publication

Brexit: the potential impact

24 Jun 2016

News

LGBT Asylum: In Conversation with the UK Border Agency

1 Jun 2011

News

Mishcon de Reya climbs to 15th in the Financial Times Innovative Lawyers Top 50

21 Oct 2010

How can we help you?
Help

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

COVID-19 Enquiry

I'm a client

I'm looking for advice

Something else