Data

Data

Protecting, controlling and leveraging your most valuable asset

Today data protection and information rights are integral to the lives of businesses and individuals. Barely a week goes by without a data or privacy story hitting the headlines. The advent of General Data Protection Regulation (GDPR) in 2018 requires businesses to understand its implications and comply with its rules. Failure to satisfy regulatory requirements can be a threat to any business. At the same time data breaches have become almost everyday news. However, with the right advice you can take issues of diversity, reputation, flexibility and regulatory risk and turn them into competitive advantages.

Key Services

We use Artificial Intelligence (AI) and other technologies to continually improve the level of service we deliver to our clients and meet their changing needs:

  • MDRxTECH, our dedicated digital transformation business, brings together best-in-class data scientists, engineers and lawyers to leverage its clients' data and add real value while maintaining compliance by design.
  • We were the first major UK law firm to launch an in-house eDiscovery business, MDR Discover. Using machine learning we review documents in a fraction of the time that armies of paralegals require.
  • Our Cyber Intelligence team, MDR Cyber, has developed proprietary tools that scrape the internet for connections that human analysts might take weeks to uncover. This saves our clients money and allows our lawyers more time to develop winning strategies.
  • Our Real Estate team uses data manipulation tools which automatically pull data from public sources, including the Land Registry and Companies House.

Our incubator, MDR LAB, has now run for three seasons and invested in several of the participating companies. Ping, for example, has used data analytics to completely overhaul our time recording system and give clients greater visibility on how money is spent.

With this experience and expertise we are able to offer a range of services that cover any client's data needs:

Cyber security

Our in-house cyber security consultant and data protection experts work closely alongside our data theft lawyers and reputation management specialists. With backgrounds in management consultancy and cyber security, our team helps clients to identify their cyber risks, protect against them and give a greater degree of assurance that these risks are being properly managed, from both a technical and operational standpoint.

Data theft, Confidential Information & Trade Secrets, Investigations

A company's confidential data, whether a database of client information, key financial information or trade secrets, is one of its most valuable assets. It gives the company a competitive edge in the market. Yet its misappropriation and misuse can provide a competitor with a significant and unfair advantage. Confidential data can be extremely vulnerable to theft and misuse. Our team of data theft specialists has 15 years' experience advising on and litigating high profile data theft cases, and is made up of experts from our fraud litigation, white collar crime and employment groups.

Reputation Protection

Digital technology allows publication of sensitive or damaging information to the world at large, and this can often happen unnoticed. Once sensitive information has been picked up by the media or spread online, an immediate response is vital to minimise its potential damage. 

But crisis management alone is not enough. We prepare strategy in advance, implement it swiftly and robustly when needed, and provide damage limitation advice during and after a crisis. We also have extensive experience of working with in-house teams to provide ongoing reputation management strategies.

Data Protection & GDPR

To us regulatory risk is not a cost that should simply be written off. It is something that can be managed and actually turned to your advantage. Of course, compliance with the GDPR regime is essential. With penalties for non-compliance having risen sharply, proper judgement and systems must be applied to data collection, and if data is lost, rapid notification is critical. Remember the risks of non-compliance are not only financial but reputational.

However, data is also a strategic issue. Choosing what data to collect, how to use it, and how to protect it can bring great benefits. The value of a business can be greatly increased by good data practice. We advise our clients on how best to achieve their strategic objectives while complying with an evolving regulatory regime. We highlight gaps in compliance, explain how to implement the requisite policies and procedures, resolve incidents and repair reputations.

Read more about our approach here.

Data science, analytics and strategy

MDRxTECH works closely with our clients to identify their datasets and engineer systems and strategies that deliver valuable results. Data can be used by organisations to derive new insights and possibilities, and our integrated offering ensures that our practices are unpinned by sound legal, regulatory and ethical principles. Our team maintain active ties to some of the world's leading academic institutions to ensure that they are across the latest technology and data science developments that may benefit our clients.

Employee data

Employers hold vast amounts of data on their employees, from salaries and bank details to personal information and medical records. Used correctly this data can enhance business outcomes; to ensure diversity – whether of age, race or ethnicity - or to measure and improve any gender pay gap. However, data can pose a considerable risk to employers if managed incorrectly. We advise clients on how to minimise risk by adopting the right practices and data management strategies, and we train staff to ensure compliance.

Customer data

We advise clients on the rules relating to marketing and how to collect, hold and use customer data.

Work highlights

Work highlight

Assisting clients

Assisting clients in their dealings with the Information Commissioner's Office in connection with potential enforcement action, and in handling subject access requests and refusals to supply personal data, by or to our clients

Work highlight

Online gaming business

Representing a major online gaming business on its multijurisdictional data protection compliance obligations and its handling of personal data in the context of the Data Protection Act, gambling regulation and historic player terms, and under GDPR, as well as on its direct marketing 

Work highlight

Advising an investor

Advising an investor corporate on handling difficult subject access requests made by directors of a hostile target business

Work highlight

Pharmaceutical company

Acting for a pharmaceutical company whose processor suffered a data hack and advising on notification and other GDPR matters

Work highlight

Lloyd v Google

Acting for Richard Lloyd as representative claimant against Google in respect of the 'Safari Workaround', which enabled Google to access iPhone users' surfing histories to serve targeted adverts 

Work highlight

Claimant taxpayer

Advising a claimant taxpayer on a disputed subject matter access request made to HMRC, resulting in his gaining considerable understanding of the internal file structures and processes adopted

Work highlight

Commodities wholesaler

Representing a wholesaler in the commodities market on local compliance considerations across some 30 countries

Work highlight

Recruitment client

Advising on multi-jurisdictional data handling arrangements for a client in the recruitment sector

Data Theft

Learn More

GDPR and Data Protection

Learn more

Dynamic Data Compliance

Find out more

Services

Sectors

Latest

News

Mishcon de Reya's new Innovation department launches with two new Partner Hires

12 Apr 2021

News

Mishcon Private Equity advise founders and management on the secondary buy-out of Xceptor

01 Apr 2021

Media

M:Tech Talks – Minesh Patel, Amplifi

25 Mar 2021

News

Employee health data in the age of COVID-19

23 Mar 2021

Media

Mishcon Academy: Digital Sessions – Self-reporting to Regulators – advantages, imperatives and pitfalls

17 Mar 2021

News

Making the most of a bad thing – using public data breaches for good

04 Mar 2021

News

Collective GDPR claims – is the route forward through the CPR?

01 Mar 2021

Event

Mishcon Academy: Digital Sessions - Self-reporting to Regulators: from regulatory shortcomings to data breaches, and back again

26 Feb 2021

News

Mishcon's new "UK GDPR" pages

23 Feb 2021

News

Mishcon de Reya teams up with The Privacy Compliance Hub

22 Feb 2021

News

Draft data adequacy decisions confirmed

22 Feb 2021

News

High Court dismisses claims for recovery of advertising costs in group litigation

17 Feb 2021

News

Data protection adequacy imminent for UK?

15 Feb 2021

News

Jon Baines featured in an inews article about the Freedom of Information Act

10 Feb 2021

News

The changing face of beauty tech

05 Feb 2021

News

The EU/UK Trade and Cooperation Agreement: Digital Trade

21 Jan 2021

News

ICO Employment Practices Code to be updated

19 Jan 2021

News

New EU rules on consumer representative actions

11 Jan 2021

Media

M:Tech Talks – Nodar Daneliya, Synth

06 Jan 2021

GDPR
News

Brexit and Data Protection

01 Jan 2021

News

Sports data and sports betting: competition and private law rights arguments to be aired in Sportradar dispute

23 Dec 2020

News

Mishcon de Reya files GDPR Complaint with Luxembourg National Data Protection Committee (CNPD)

15 Dec 2020

News

Windrush landing cards destruction: did the Home Office meet its data obligations?

15 Dec 2020

News

Mishcon de Reya acts for students challenging the International Baccalaureate awards

14 Dec 2020

News

Jon Baines discusses the impact of Brexit on GDPR in Wired

09 Dec 2020

News

Guidance on international data transfers following Schrems II

04 Dec 2020

Media

Mishcon Academy: Digital Sessions – Workplaces of the Future

01 Dec 2020

News

Does Whitehall’s FOI process break data protection law?

26 Nov 2020

News

Jon Baines contributes to new report, 'The Cost of Data Inadequacy'

23 Nov 2020

Media

Mishcon Academy: Digital Sessions - Brexit: Data Protection Implications

19 Nov 2020

News

ICO Guidance on Subject Access Requests

16 Nov 2020

News

Propertyshe Perspectives: living in the time of COVID-19 uncertainty

09 Nov 2020

Event

Mishcon Academy: Digital Sessions - Brexit: Data Protection Implications

09 Nov 2020

News

Call recording – consent is not normally required

05 Nov 2020

News

One in three personal data breaches are reported “late” to ICO

04 Nov 2020

News

ICO's £18.4m fine against Marriott: a salutary reminder when conducting due diligence

02 Nov 2020

News

ICO Innovation Hub and the MHRA

02 Nov 2020

Event

The Personal Implications of Managing Cyber Security

21 Oct 2020

News

ICO slashes British Airways GDPR fine to £20m from proposed £183m

21 Oct 2020

News

Mishcon de Reya launches new digital transformation consultancy MDRxTECH

19 Oct 2020

News

Fitness and Health Tech: Rise of the wearables

05 Oct 2020

News

New EDPB Guidelines on targeted advertising to social media users

02 Oct 2020

News

Further delay in proposed ICO GDPR fine for Marriott

02 Oct 2020

News

Technology and the future of healthcare

11 Sep 2020

News

Jon Baines provides foreword to new published study on GDPR in Government

08 Sep 2020

News

Sharing (data) is not always caring

08 Sep 2020

News

UK Government explores the AI labour market

07 Sep 2020

News

Jon Baines in Times Educational Supplement on potential challenge to International Baccalaureate awards

04 Sep 2020

News

Age Appropriate Design Code in force on 2 September 2020: Companies have 12 months to prepare

02 Sep 2020

News

Web 3.0 – an intelligent, connected, open internet

01 Sep 2020

News

Will ICO have to investigate the International Baccalaureate algorithm?

28 Aug 2020

News

Filippo Noseda discusses FATCA in Bloomberg

26 Aug 2020

News

Is "Big Tech" facing multiple showdowns with the EDPB?

25 Aug 2020

News

GDR: Third time lucky for EU/US data transfer deal?

24 Aug 2020

News

Why Morrisons isn’t the end of the data claims story

20 Aug 2020

News

Adam Rose in Forbes on Standard Contractual Clauses

19 Aug 2020

News

GDR: Third time lucky for EU/US data transfer deal?

17 Aug 2020

News

A-level results 2020: how historic data protection could impact modern appeals

14 Aug 2020

News

"Should personal financial data be sent to foreign tax authorities?" – Filippo Noseda discusses FATCA in The Economist

14 Aug 2020

News

Potential data protection challenges to A-level results

13 Aug 2020

Adam Rose
News

Adam Rose explains Standard Contractual Clauses in Digiday

10 Aug 2020

News

Jon Baines discusses ICO fines in The Register

06 Aug 2020

News

British Airways hints at massive reduction in proposed GDPR fine

31 Jul 2020

News

Sending real estate data to the US and other non-EEA countries is now a major challenge

30 Jul 2020

News

Tom Grogan speaks on CW webinar on post-COVID digital transformation

29 Jul 2020

News

Schrems II – sending data to the US (and other non-EEA countries) is now a major challenge

29 Jul 2020

Media

Mishcon Accumulator Podcast: Data Protection Code of Conduct

28 Jul 2020

News

Adam Rose discusses significance of Schrems ruling in Global Legal Post

22 Jul 2020

Mishcon Academy: Digital Sessions - The Schrems II judgment and the future of free movement of data
Media

Mishcon Academy: Digital Sessions - The Schrems II judgment and the future of free movement of data

16 Jul 2020

News

The Schrems II judgment and the future of free movement of data

15 Jul 2020

News

European Commission issues updated Stakeholder Notice on data protection

14 Jul 2020

News

Data leaks in sports

08 Jul 2020

News

Sian Harding and Tom Grogan published in SCL Student Bytes

07 Jul 2020

News

Nicola Vinovrški discusses the big data breach landscape in Journal of International Banking Law and Regulation

06 Jul 2020

News

The Caldicott Principles – are they good enough?

06 Jul 2020

News

CCPA - California's new data protection law is now enforceable

01 Jul 2020

GDPR
News

Commission evaluation report of GDPR: a good start, but areas for improvement

01 Jul 2020

News

Dubai International Financial Centre launches new Data Protection Law

26 Jun 2020

News

How should organisations plan for public data leaks?

26 Jun 2020

News

The EGBA publishes code of conduct on data protection in online gambling

24 Jun 2020

News

Hospitality sector faces major data protection challenges as lockdown relaxes

24 Jun 2020

News

Age Appropriate Design Code laid before Parliament

23 Jun 2020

News

Immigration and artificial intelligence: a 'digital hostile environment'?

22 Jun 2020

News

European Commission launches consultation on online regulation and new competition tool

03 Jun 2020

Media

Mishcon Academy: Digital Sessions podcast – GDPR 2 years on

02 Jun 2020

News

Data Protection Impact Assessments (DPIAs): critical in the next phase of our "new normal"

13 May 2020

News

Jon Baines discusses the NHS COVID-19 contact tracing app in Wired

13 May 2020

News

ICO appears to announce yet further delays to BA and Marriott investigations

12 May 2020

News

COVID-19: ICO issues statement on its regulatory approach

16 Apr 2020

News

COVID-19: Securing the remote worker

08 Apr 2020

News

Morrisons found not liable for rogue employee's data leak

06 Apr 2020

News

Supreme Court rules Morrisons was not liable for 2014 data breach

01 Apr 2020

News

Further delays to ICO proposed fines for BA and Marriott

31 Mar 2020

News

How to sign documents during the COVID-19 "lockdown" – a guide to signing electronically

26 Mar 2020

News

Data protection: UK Government sets out its position on "essential equivalence" between the UK and EU

25 Mar 2020

News

GDPR "reprimands" – an extra compliance and reputational risk for organisations

17 Mar 2020

News

Data protection: solicitors' paper files were not a 'relevant filing system'

16 Mar 2020

News

COVID-19 and ICO's proposed fines for BA and Marriott

16 Mar 2020

News

Filippo Noseda contributes to The Wealth Report 2020 by Knight Frank

10 Mar 2020

News

Joe Hancock comments on the Virgin Data Breach on LBC

09 Mar 2020

News

European Commission announces need for AI law

27 Feb 2020

News

FCA suffers data breach affecting 1600 complainants

26 Feb 2020

News

Are fashion brands being transparent about data?

24 Feb 2020

News

Heathrow Airport Limited ruled to be a public authority for information-access regime

12 Feb 2020

News

Jon Baines to join ICO panel judging Data Protection Officer of the Year

06 Feb 2020

News

Data Protection in the transition period

05 Feb 2020

Brexit: navigating the transition period
News

Brexit: navigating the transition period

04 Feb 2020

News

Joe Hancock comments on Huawei 5G decision

29 Jan 2020

Children's data protection rights: a data protection casualty?
News

Children's data protection rights: a data protection casualty?

28 Jan 2020

News

Jon Baines in Campaign on ICO fines

22 Jan 2020

News

ICO publishes Age Appropriate Design Code

22 Jan 2020

News

Jon Baines quoted in GDR News

10 Jan 2020

News

Regulators begin to set boundaries for Artificial Intelligence

08 Jan 2020

News

ICO agrees delay over GDPR fines with both BA and Marriott

03 Jan 2020

"Mishcon predicts" – What our experts say about 2020
News

"Mishcon predicts" – What our experts say about 2020

03 Jan 2020

News

Sportsbiz: the most important trends of 2019 & what to expect in 2020

31 Dec 2019

News

Advocate General delivers Opinion on standard contractual clauses for international data transfers

20 Dec 2019

News

ICO issues first fine under GDPR to London pharmacy

20 Dec 2019

News

Adam Rose comments on the CMA's digital advertising report on Radio 4 Today programme

19 Dec 2019

US Privacy shield and transfer of personal data for pharmaceutical research - What's changed?
News

US Privacy shield and transfer of personal data for pharmaceutical research - What's changed?

16 Dec 2019

News

ICO has issued only 3 notices of intent to serve GDPR fines

10 Dec 2019

News

€9.5m GDPR fine to German telco for insecure customer authentication

09 Dec 2019

News

ICO to write to all UK companies asking for data protection fee

04 Dec 2019

News

German Data Protection regulator fines real estate company millions for 'data cemetery'

22 Nov 2019

News

Storm clouds brewing for Google?

20 Nov 2019

News

Might BA and Marriott avoid their GDPR fines?

20 Nov 2019

News

No direct liability for EU representatives under GDPR, says EDPB

15 Nov 2019

Filippo Noseda discusses FATCA campaign in European Parliament
News

Filippo Noseda discusses FATCA campaign in European Parliament

12 Nov 2019

News

Google's latest acquisition: more than just a bit of data…

05 Nov 2019

News

MDR Cyber comments on the large scale cyber-attack in Georgia

31 Oct 2019

News

Jon Baines in The Times Letters

30 Oct 2019

News

Data protection claims: A green light for representative actions

30 Oct 2019

The unsteady rise of UK group actions
News

The unsteady rise of UK group actions

10 Oct 2019

No deal Brexit and data protection
News

No Deal Brexit and Data Protection

07 Oct 2019

The Economist: America’s notorious tax-compliance law faces another challenge
News

The Economist: America’s notorious tax-compliance law faces another challenge

04 Oct 2019

The Duchess of Sussex announces she is suing The Mail on Sunday: Emma Woollcott comments
News

The Duchess of Sussex announces she is suing The Mail on Sunday: Emma Woollcott comments

02 Oct 2019

Lloyd v Google Court of Appeal judgment
News

Lloyd v Google Court of Appeal judgment

02 Oct 2019

Google wins right to be forgotten case
News

Google wins right to be forgotten case

25 Sep 2019

First legal challenge of facial recognition technology unsuccessful
News

First legal challenge of facial recognition technology unsuccessful

04 Sep 2019

News

ICO change to guidance on Subject Access Request time limits

14 Aug 2019

News

Marriott's potential GDPR fine – a lesson in due diligence?

07 Aug 2019

News

Jon Baines on the Liberty v Home Department judgment

31 Jul 2019

EU opens formal competition investigation into Amazon over use of merchant data
News

EU opens formal competition investigation into Amazon over use of merchant data

19 Jul 2019

Working with The Machines: 5 key things to consider when dealing with AI
News

Working with The Machines: 5 key things to consider when dealing with AI

17 Jul 2019

News

ICO intending to fine BA and Marriott International

12 Jul 2019

European Court hears case on EU-US data transfers
News

European Court hears case on EU-US data transfers

10 Jul 2019

ICO issues new cookie guidance…is your website compliant?
News

ICO issues new cookie guidance…is your website compliant?

04 Jul 2019

ICO serves Met Police with enforcement notices for GDPR delays
News

ICO serves Met Police with enforcement notices for GDPR delays

02 Jul 2019

News

Anne Rose explains the evolution in distributed ledger technology

01 Jul 2019

News

GDPR challenges for blockchain technology

01 Jul 2019

News

Jon Baines in Guardian Letters

01 Jul 2019

ICO website doesn't comply with GDPR
News

ICO website doesn't comply with GDPR

27 Jun 2019

Boris Johnson and GDPR
News

Boris Johnson and GDPR

24 Jun 2019

News

The global outlook on data protection—the UK.

21 Jun 2019

News

ICO joins regulator network

21 Jun 2019

Event

Shaping Cities – The Future of Mobility

19 Jun 2019

News

UK data regulator admits its own website does not conform to GDPR

19 Jun 2019

Information Tribunal rejects data subject appeals under new Data Protection Act
News

Information Tribunal rejects data subject appeals under new Data Protection Act

18 Jun 2019

News

La Liga Fined €250,000 For Spying On App Users To Crack Down On Illegal Streams

14 Jun 2019

MI5's handling of data
News

MI5's handling of data

12 Jun 2019

GDPR: One year on
News

GDPR: One year on

29 May 2019

GDPR: Lessons from the past year
News

GDPR: Lessons from the past year

24 May 2019

Smart cities: the privacy risks of living smart
News

Smart cities: the privacy risks of living smart

15 May 2019

Anne Rose on applying GDPR and PECR to the sports sector
News

Anne Rose on applying GDPR and PECR to the sports sector

15 May 2019

News

Infosecurity magazine: 'Websites Continue to Collect PII Data Insecurely'

10 May 2019

News

Court gives guidance on data subject access requests and third party information

10 May 2019

Mishcon NOTLaw - The Art & Science of Successful M&A
Event

Mishcon NOTLaw - The Art & Science of Successful M&A

09 May 2019

Data Protection – how can recruiters ensure they’re sharing the right data with the right people across the supply chain?
News

Data Protection – how can recruiters ensure they’re sharing the right data with the right people across the supply chain?

08 May 2019

Retail: An industry in flux
Event

Retail: An industry in flux

23 Apr 2019

£120,000 ICO fine for unlawful filming in maternity clinic
News

£120,000 ICO fine for unlawful filming in maternity clinic

10 Apr 2019

In search of solutions to delays and red tape caused by UK’s exit from EU
News

In search of solutions to delays and red tape caused by UK’s exit from EU

25 Mar 2019

ICO: no GDPR fines in the immediate pipeline
News

ICO: no GDPR fines in the immediate pipeline

18 Mar 2019

MPs, Lords, councillors exempt from data protection fee
News

MPs, Lords, councillors exempt from data protection fee

11 Mar 2019

Fundraising regulator refers 59 charities to Information Commissioner
News

Fundraising regulator refers 59 charities to Information Commissioner

06 Mar 2019

“Computer says no” - data protection and reasonable adjustments
News

“Computer says no” - data protection and reasonable adjustments

05 Mar 2019

News

Further guidance on data transfers in the event of a no-deal Brexit

25 Feb 2019

GDPR and direct marketing – consent is not always required
News

GDPR and direct marketing – consent is not always required

21 Feb 2019

Disinformation and 'fake news': commentary on the DCMS Committee report
News

Disinformation and 'fake news': commentary on the DCMS Committee report

19 Feb 2019

EU GDPR: Consent is Key
News

Employee monitoring and staff consent

18 Feb 2019

Shaping Cities: The Changing Face of Retail
Media

Shaping Cities: The Changing Face of Retail

14 Dec 2018

First UK enforcement action under GDPR and the new Data Protection Act
News

First UK enforcement action under GDPR and the new Data Protection Act

19 Sep 2018

Cities of tomorrow: intelligent, sustainable and data driven
Media

Cities of tomorrow: intelligent, sustainable and data driven

02 May 2018

FUTURE: PropTech 2018 - Keynote by Nick Kirby
Media

FUTURE: PropTech 2018 - Keynote by Nick Kirby

02 May 2018

GDPR
Media

What is GDPR?

27 Mar 2018

GDPR
Media

GDPR - What are your rights?

27 Mar 2018

GDPR
Media

GDPR - What are your obligations?

27 Mar 2018

General Data Protection Regulation and Cyber Security
Event

General Data Protection Regulation and Cyber Security

30 Aug 2017

Significant data breach leads to an undertaking, not a fine
News

Significant data breach leads to an undertaking, not a fine

04 Jul 2017

Brexit: the potential impact
Publication

Brexit: the potential impact

24 Jun 2016

News

LGBT Asylum: In Conversation with the UK Border Agency

01 Jun 2011

News

Mishcon de Reya climbs to 15th in the Financial Times Innovative Lawyers Top 50

21 Oct 2010

How can we help you?

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

Crisis Hotline

COVID-19 Enquiry

I'm a client

I'm looking for advice

Something else