Companies that are able to leverage and protect their data effectively will be the winners in tomorrow's marketplace. Most companies however remain badly behind the curve: cross-industry studies show that on average less than half an organisation's data is actively used in decision-making, more than 70% of employees have access to data they should not and 80% of analysts' time is spent simply discovering and preparing data (Harvard Business Review).

The recent implementation of the GDPR regime has made failure to meet regulatory requirements a genuine threat to business and data breaches have become almost everyday headline news.

With the right advice you can take issues of diversity, reputation, flexibility and regulatory risk and turn them into comparative advantages.

Services

We are a data-driven business; technology is at the heart of our 10 Year Vision. We have committed to introducing a range of initiatives to greater utilise Artificial Intelligence and other technologies that will enhance our ability to service our clients' changing needs, for example:

We were the first major UK law firm to launch an in-house eDiscovery business – MDR Discover which uses machine learning instead of armies of paralegals to review documents in a fraction of the usual time.
Our Cyber Intelligence team – MDR Cyber has developed proprietary tools that scrape the Internet for connections that human analysts might take weeks to uncover, saving our clients money and allowing more time for our lawyers to develop winning strategies.
Our Real Estate team uses data manipulation tools to pull data automatically from public sources, including the Land Registry or Companies House.
We have now run two seasons of our incubator, MDR Lab and invested in two of the participating companies. One of them, Ping has used data analytics to completely overhaul our time recording system, giving clients greater visibility on how money is spent.
To underscore our commitment to becoming fully data-driven, we recruited Dr. Alastair Moore who previously led the analytics masters programme at UCL School of Management, as Head of Data Analytics and Machine Learning.

This experience of transforming our own business has helped us create a client-facing team which covers the overlapping data needs of business. Protect encompasses: Cyber security, Data theft & Investigations and Reputation Protection. Control comprises our GDPR and Data Protection teams. Enhance focuses on Data strategy & analytics.

Protect

Cyber security:

Our in-house cyber security consultant and data protection experts work closely alongside our data theft lawyers and reputation management specialists. With backgrounds in management consultancy and cyber security, our team can help clients identify their cyber risks, protect against them and give a greater degree of assurance that these risks are being properly managed, from both a technical and operational standpoint.

Data theft & Investigations:

A company's confidential data, whether a database of client information, key financial information or trade secrets, is one of its most valuable assets. It gives the company a competitive edge in the market. Yet its misappropriation and misuse can provide a competitor with a significant and unfair advantage. Confidential data can be extremely vulnerable to theft and misuse. Our team of data theft specialists has 15 years' experience advising on and litigating high profile data theft cases, and is made up of experts from our fraud litigation, white collar crime and employment groups.

Reputation Protection:

Digital technology allows publication of sensitive or damaging information to the world at large, often with little or no notice. Once sensitive information has been picked up by the media or spread online, an immediate response is vital to minimise its potential damage. But swift and robust management of a crisis is not enough. As well as preparing strategy in advance, implementing that strategy and providing damage limitation advice during and after a crisis, we have extensive experience of working with in-house teams to provide ongoing reputation management strategies.

Control

Data Protection & GDPR

We see regulatory risk as something that can be managed to the benefit of our clients rather than a cost that must simply be written off. Under the new GDPR regime, potential penalties for non-compliance have risen sharply, requiring proper judgement and design to be applied to data collection, and rapid notification if data is lost. The risk for non-compliance is not only financial but reputational.

But data is also a strategic issue – choosing what data to collect, how to use it, and how to protect it can bring great benefits; the value of a business can be greatly increased by good data practice. We advise our clients on how best to achieve their strategic objectives whilst complying with an evolving regulatory regime. We highlight gaps in compliance and explain how to implement the policies and procedures needed, as well as dealing with any incidents that may occur and consequent reputation management needs.

Our approach is summarised here.

Enhance

Data strategy and analytics:

Our in-house data strategy unit led by UCL and Cambridge fellow Dr. Alastair Moore, provides data-focused support to businesses across multiple sectors. Working with data is about producing knowledge; we turn that knowledge into insight, asking the right questions to unlock increased value within your business. The team also maintains active ties with academic partners to remain familiar with the rapidly changing landscape of data management tools.

Employee data:

Employers hold vast amounts of data on their employees, from salaries and bank details to personal information and medical records. Used correctly this data can enhance business outcomes; to ensure diversity – whether of age, race or ethnicity - or to measure and ameliorate any gender pay gap. However if managed incorrectly data can pose a considerable risk to employers. We advise clients on how to minimise risk through adopting the right practices and data management strategies and can train staff to ensure compliance.

Customer data:

We advise clients on the rules relating to marketing and how to collect, hold and exploit customer data.

Experience

Assisting clients with reviews of their cyber risk profile to provide reports to stakeholders; enabling clients to understanding the maturity of their current security practices and create strategies to keep them protected.
Designing new systems and cyber security controls for complex organisations in order to understand how data is collected and held in line with GDPR.
Offering expertise on cyber insurance, reviewing policies and products, envisaging loss scenarios and reviewing underlying risks for both insurers and policyholders.
Advising senior management of a large retailer on their customer care strategy in the event of a data loss.
Supporting the development of a new cyber security and data protection strategy for a major Oil and Gas exchange.
Supporting a FTSE100 retailer in the response to cyber incidents globally.
Reviewing the cyber maturity, strategy and operating model of a large UK energy group and advising on structure and future strategy.
Advising a major US software vendor on the modelling of cyber risk events.
Advising a major property developer on data protection aspects relating to its use of loyalty cards and mobile tracing techniques in respect of its town centre mixed use development.
Acting for a leading charity in relation to an investigation by the Information Commissioner into charity practices concerned with cold calling and data list selling.
Representing a major online gaming business on its multi-jurisdictional data protection compliance obligations and its handling of personal data in the context of the Data Protection Act, gambling regulation and historic player terms.
Acted for a hedge fund in an investigation into two former senior employees who allegedly downloaded financial secrets and complex trading software to set up in competition.