Data

Data

Overview
Data Theft
GDPR and Data Protection
Virtual Data Protection Officer
The UK left the EU on 31 January 2020. A transition period, during which EU laws continue to apply in the UK, is due to end on 31 December 2020. The UK/EU Withdrawal Agreement sets out transitional arrangements and negotiations for the future UK/EU relationship are ongoing.

Protecting, controlling and leveraging your most valuable asset

Today data protection and information rights are integral to the lives of businesses and individuals. Barely a week goes by without a data or privacy story hitting the headlines. The advent of General Data Protection Regulation (GDPR) in 2018 requires businesses to understand its implications and comply with its rules. Failure to satisfy regulatory requirements can be a threat to any business. At the same time data breaches have become almost everyday news. However, with the right advice you can take issues of diversity, reputation, flexibility and regulatory risk and turn them into competitive advantages.

Key Services

We use Artificial Intelligence (AI) and other technologies to continually improve the level of service we deliver to our clients and meet their changing needs:

  • We were the first major UK law firm to launch an in-house eDiscovery business, MDR Discover. Using machine learning we review documents in a fraction of the time that armies of paralegals require.
  • Our Cyber Intelligence team, MDR Cyber, has developed proprietary tools that scrape the internet for connections that human analysts might take weeks to uncover. This saves our clients money and allows our lawyers more time to develop winning strategies.
  • Our Real Estate team uses data manipulation tools which automatically pull data from public sources, including the Land Registry and Companies House.

Our incubator, MDR LAB, has now run for three seasons and invested in several of the participating companies. Ping, for example, has used data analytics to completely overhaul our time recording system and give clients greater visibility on how money is spent.

With this experience and expertise we are able to offer a range of services that cover any client's data needs:

Cyber security

Our in-house cyber security consultant and data protection experts work closely alongside our data theft lawyers and reputation management specialists. With backgrounds in management consultancy and cyber security, our team helps clients to identify their cyber risks, protect against them and give a greater degree of assurance that these risks are being properly managed, from both a technical and operational standpoint.

Data theft, Confidential Information & Trade Secrets, Investigations

A company's confidential data, whether a database of client information, key financial information or trade secrets, is one of its most valuable assets. It gives the company a competitive edge in the market. Yet its misappropriation and misuse can provide a competitor with a significant and unfair advantage. Confidential data can be extremely vulnerable to theft and misuse. Our team of data theft specialists has 15 years' experience advising on and litigating high profile data theft cases, and is made up of experts from our fraud litigation, white collar crime and employment groups.

Reputation Protection

Digital technology allows publication of sensitive or damaging information to the world at large, and this can often happen unnoticed. Once sensitive information has been picked up by the media or spread online, an immediate response is vital to minimise its potential damage. 

But crisis management alone is not enough. We prepare strategy in advance, implement it swiftly and robustly when needed, and provide damage limitation advice during and after a crisis. We also have extensive experience of working with in-house teams to provide ongoing reputation management strategies.

Data Protection & GDPR

To us regulatory risk is not a cost that should simply be written off. It is something that can be managed and actually turned to your advantage. Of course, compliance with the GDPR regime is essential. With penalties for non-compliance having risen sharply, proper judgement and systems must be applied to data collection, and if data is lost, rapid notification is critical. Remember the risks of non-compliance are not only financial but reputational.

However, data is also a strategic issue. Choosing what data to collect, how to use it, and how to protect it can bring great benefits. The value of a business can be greatly increased by good data practice. We advise our clients on how best to achieve their strategic objectives while complying with an evolving regulatory regime. We highlight gaps in compliance, explain how to implement the requisite policies and procedures, resolve incidents and repair reputations.

Read more about our approach here.

Data strategy and analytics

Our in-house data strategy unit, led by UCL and Cambridge fellow Dr. Alastair Moore, provides data-focused support to businesses across a wide range of sectors. Working with data is a key way to acquire new knowledge, which, by asking the right questions, can then be turned into insight which can in turn unlock increased value within your business. Maintaining active ties with academic partners ensures our team are up to speed with the very latest in data management tools.

Employee data

Employers hold vast amounts of data on their employees, from salaries and bank details to personal information and medical records. Used correctly this data can enhance business outcomes; to ensure diversity – whether of age, race or ethnicity - or to measure and improve any gender pay gap. However, data can pose a considerable risk to employers if managed incorrectly. We advise clients on how to minimise risk by adopting the right practices and data management strategies, and we train staff to ensure compliance.

Customer data

We advise clients on the rules relating to marketing and how to collect, hold and use customer data.

Work highlights

Work highlight

Assisting clients

Assisting clients in their dealings with the Information Commissioner's Office in connection with potential enforcement action, and in handling subject access requests and refusals to supply personal data, by or to our clients

Work highlight

Online gaming business

Representing a major online gaming business on its multijurisdictional data protection compliance obligations and its handling of personal data in the context of the Data Protection Act, gambling regulation and historic player terms, and under GDPR, as well as on its direct marketing 

Work highlight

Advising an investor

Advising an investor corporate on handling difficult subject access requests made by directors of a hostile target business

Work highlight

Pharmaceutical company

Acting for a pharmaceutical company whose processor suffered a data hack and advising on notification and other GDPR matters

Work highlight

Lloyd v Google

Acting for Richard Lloyd as representative claimant against Google in respect of the 'Safari Workaround', which enabled Google to access iPhone users' surfing histories to serve targeted adverts 

Work highlight

Claimant taxpayer

Advising a claimant taxpayer on a disputed subject matter access request made to HMRC, resulting in his gaining considerable understanding of the internal file structures and processes adopted

Work highlight

Commodities wholesaler

Representing a wholesaler in the commodities market on local compliance considerations across some 30 countries

Work highlight

Recruitment client

Advising on multi-jurisdictional data handling arrangements for a client in the recruitment sector

Data Theft

Learn More

GDPR and Data Protection

Learn more

Virtual DPO

Learn more

Services

Sectors

Latest

Adam Rose
News

Adam Rose explains Standard Contractual Clauses in Digiday

10 Aug 2020

News

Jon Baines discusses ICO fines in The Register

06 Aug 2020

News

British Airways hints at massive reduction in proposed GDPR fine

31 Jul 2020

News

Sending real estate data to the US and other non-EEA countries is now a major challenge

30 Jul 2020

News

Tom Grogan speaks on CW webinar on post-COVID digital transformation

29 Jul 2020

News

Schrems II – sending data to the US (and other non-EEA countries) is now a major challenge

29 Jul 2020

Media

Mishcon Accumulator Podcast: Data Protection Code of Conduct

28 Jul 2020

News

Adam Rose discusses significance of Schrems ruling in Global Legal Post

22 Jul 2020

Mishcon Academy: Digital Sessions - The Schrems II judgment and the future of free movement of data
Media

Mishcon Academy: Digital Sessions - The Schrems II judgment and the future of free movement of data

16 Jul 2020

News

The Schrems II judgment and the future of free movement of data

15 Jul 2020

News

European Commission issues updated Stakeholder Notice on data protection

14 Jul 2020

News

Data leaks in sports

08 Jul 2020

News

Sian Harding and Tom Grogan published in SCL Student Bytes

07 Jul 2020

News

Nicola Vinovrški discusses the big data breach landscape in Journal of International Banking Law and Regulation

06 Jul 2020

News

The Caldicott Principles – are they good enough?

06 Jul 2020

News

CCPA - California's new data protection law is now enforceable

01 Jul 2020

GDPR
News

Commission evaluation report of GDPR: a good start, but areas for improvement

01 Jul 2020

News

Dubai International Financial Centre launches new Data Protection Law

26 Jun 2020

News

How should organisations plan for public data leaks?

26 Jun 2020

News

The EGBA publishes code of conduct on data protection in online gambling

24 Jun 2020

News

Hospitality sector faces major data protection challenges as lockdown relaxes

24 Jun 2020

News

Age Appropriate Design Code laid before Parliament

23 Jun 2020

News

Immigration and artificial intelligence: a 'digital hostile environment'?

22 Jun 2020

GDPR
News

Brexit and Data Protection

16 Jun 2020

News

European Commission launches consultation on online regulation and new competition tool

03 Jun 2020

Media

Mishcon Academy: Digital Sessions podcast – GDPR 2 years on

02 Jun 2020

News

Data Protection Impact Assessments (DPIAs): critical in the next phase of our "new normal"

13 May 2020

News

Jon Baines discusses the NHS COVID-19 contact tracing app in Wired

13 May 2020

News

ICO appears to announce yet further delays to BA and Marriott investigations

12 May 2020

News

COVID-19: ICO issues statement on its regulatory approach

16 Apr 2020

News

COVID-19: Securing the remote worker

08 Apr 2020

News

Morrisons found not liable for rogue employee's data leak

06 Apr 2020

News

Supreme Court rules Morrisons was not liable for 2014 data breach

01 Apr 2020

News

Further delays to ICO proposed fines for BA and Marriott

31 Mar 2020

News

How to sign documents during the COVID-19 "lockdown" – a guide to signing electronically

26 Mar 2020

News

Data protection: UK Government sets out its position on "essential equivalence" between the UK and EU

25 Mar 2020

News

GDPR "reprimands" – an extra compliance and reputational risk for organisations

17 Mar 2020

News

Data protection: solicitors' paper files were not a 'relevant filing system'

16 Mar 2020

News

COVID-19 and ICO's proposed fines for BA and Marriott

16 Mar 2020

News

Filippo Noseda contributes to The Wealth Report 2020 by Knight Frank

10 Mar 2020

News

Joe Hancock comments on the Virgin Data Breach on LBC

09 Mar 2020

News

European Commission announces need for AI law

27 Feb 2020

News

FCA suffers data breach affecting 1600 complainants

26 Feb 2020

News

Are fashion brands being transparent about data?

24 Feb 2020

News

Heathrow Airport Limited ruled to be a public authority for information-access regime

12 Feb 2020

News

Jon Baines to join ICO panel judging Data Protection Officer of the Year

06 Feb 2020

News

Data Protection in the transition period

05 Feb 2020

Brexit: navigating the transition period
News

Brexit: navigating the transition period

04 Feb 2020

News

Joe Hancock comments on Huawei 5G decision

29 Jan 2020

Children's data protection rights: a data protection casualty?
News

Children's data protection rights: a data protection casualty?

28 Jan 2020

News

Jon Baines in Campaign on ICO fines

22 Jan 2020

News

ICO publishes Age Appropriate Design Code

22 Jan 2020

News

Jon Baines quoted in GDR News

10 Jan 2020

News

Regulators begin to set boundaries for Artificial Intelligence

08 Jan 2020

News

ICO agrees delay over GDPR fines with both BA and Marriott

03 Jan 2020

"Mishcon predicts" – What our experts say about 2020
News

"Mishcon predicts" – What our experts say about 2020

03 Jan 2020

News

Sportsbiz: the most important trends of 2019 & what to expect in 2020

31 Dec 2019

News

Advocate General delivers Opinion on standard contractual clauses for international data transfers

20 Dec 2019

News

ICO issues first fine under GDPR to London pharmacy

20 Dec 2019

News

Adam Rose comments on the CMA's digital advertising report on Radio 4 Today programme

19 Dec 2019

US Privacy shield and transfer of personal data for pharmaceutical research - What's changed?
News

US Privacy shield and transfer of personal data for pharmaceutical research - What's changed?

16 Dec 2019

News

ICO has issued only 3 notices of intent to serve GDPR fines

10 Dec 2019

News

€9.5m GDPR fine to German telco for insecure customer authentication

09 Dec 2019

News

ICO to write to all UK companies asking for data protection fee

04 Dec 2019

News

German Data Protection regulator fines real estate company millions for 'data cemetery'

22 Nov 2019

News

Storm clouds brewing for Google?

20 Nov 2019

News

Might BA and Marriott avoid their GDPR fines?

20 Nov 2019

News

No direct liability for EU representatives under GDPR, says EDPB

15 Nov 2019

Filippo Noseda discusses FATCA campaign in European Parliament
News

Filippo Noseda discusses FATCA campaign in European Parliament

12 Nov 2019

News

Google's latest acquisition: more than just a bit of data…

05 Nov 2019

News

MDR Cyber comments on the large scale cyber-attack in Georgia

31 Oct 2019

News

Jon Baines in The Times Letters

30 Oct 2019

News

Data protection claims: A green light for representative actions

30 Oct 2019

The unsteady rise of UK group actions
News

The unsteady rise of UK group actions

10 Oct 2019

No deal Brexit and data protection
News

No Deal Brexit and Data Protection

07 Oct 2019

The Economist: America’s notorious tax-compliance law faces another challenge
News

The Economist: America’s notorious tax-compliance law faces another challenge

04 Oct 2019

The Duchess of Sussex announces she is suing The Mail on Sunday: Emma Woollcott comments
News

The Duchess of Sussex announces she is suing The Mail on Sunday: Emma Woollcott comments

02 Oct 2019

Lloyd v Google Court of Appeal judgment
News

Lloyd v Google Court of Appeal judgment

02 Oct 2019

Google wins right to be forgotten case
News

Google wins right to be forgotten case

25 Sep 2019

First legal challenge of facial recognition technology unsuccessful
News

First legal challenge of facial recognition technology unsuccessful

04 Sep 2019

News

ICO change to guidance on Subject Access Request time limits

14 Aug 2019

News

Marriott's potential GDPR fine – a lesson in due diligence?

07 Aug 2019

News

Jon Baines on the Liberty v Home Department judgment

31 Jul 2019

EU opens formal competition investigation into Amazon over use of merchant data
News

EU opens formal competition investigation into Amazon over use of merchant data

19 Jul 2019

Working with The Machines: 5 key things to consider when dealing with AI
News

Working with The Machines: 5 key things to consider when dealing with AI

17 Jul 2019

News

ICO intending to fine BA and Marriott International

12 Jul 2019

European Court hears case on EU-US data transfers
News

European Court hears case on EU-US data transfers

10 Jul 2019

ICO issues new cookie guidance…is your website compliant?
News

ICO issues new cookie guidance…is your website compliant?

04 Jul 2019

ICO serves Met Police with enforcement notices for GDPR delays
News

ICO serves Met Police with enforcement notices for GDPR delays

02 Jul 2019

News

Anne Rose explains the evolution in distributed ledger technology

01 Jul 2019

News

GDPR challenges for blockchain technology

01 Jul 2019

News

Jon Baines in Guardian Letters

01 Jul 2019

ICO website doesn't comply with GDPR
News

ICO website doesn't comply with GDPR

27 Jun 2019

Boris Johnson and GDPR
News

Boris Johnson and GDPR

24 Jun 2019

News

The global outlook on data protection—the UK.

21 Jun 2019

News

ICO joins regulator network

21 Jun 2019

Event

Shaping Cities – The Future of Mobility

19 Jun 2019

News

UK data regulator admits its own website does not conform to GDPR

19 Jun 2019

Information Tribunal rejects data subject appeals under new Data Protection Act
News

Information Tribunal rejects data subject appeals under new Data Protection Act

18 Jun 2019

News

La Liga Fined €250,000 For Spying On App Users To Crack Down On Illegal Streams

14 Jun 2019

MI5's handling of data
News

MI5's handling of data

12 Jun 2019

GDPR: One year on
News

GDPR: One year on

29 May 2019

GDPR: Lessons from the past year
News

GDPR: Lessons from the past year

24 May 2019

Smart cities: the privacy risks of living smart
News

Smart cities: the privacy risks of living smart

15 May 2019

Anne Rose on applying GDPR and PECR to the sports sector
News

Anne Rose on applying GDPR and PECR to the sports sector

15 May 2019

News

Infosecurity magazine: 'Websites Continue to Collect PII Data Insecurely'

10 May 2019

News

Court gives guidance on data subject access requests and third party information

10 May 2019

Mishcon NOTLaw - The Art & Science of Successful M&A
Event

Mishcon NOTLaw - The Art & Science of Successful M&A

09 May 2019

Data Protection – how can recruiters ensure they’re sharing the right data with the right people across the supply chain?
News

Data Protection – how can recruiters ensure they’re sharing the right data with the right people across the supply chain?

08 May 2019

Retail: An industry in flux
Event

Retail: An industry in flux

23 Apr 2019

£120,000 ICO fine for unlawful filming in maternity clinic
News

£120,000 ICO fine for unlawful filming in maternity clinic

10 Apr 2019

In search of solutions to delays and red tape caused by UK’s exit from EU
News

In search of solutions to delays and red tape caused by UK’s exit from EU

25 Mar 2019

ICO: no GDPR fines in the immediate pipeline
News

ICO: no GDPR fines in the immediate pipeline

18 Mar 2019

MPs, Lords, councillors exempt from data protection fee
News

MPs, Lords, councillors exempt from data protection fee

11 Mar 2019

Fundraising regulator refers 59 charities to Information Commissioner
News

Fundraising regulator refers 59 charities to Information Commissioner

06 Mar 2019

“Computer says no” - data protection and reasonable adjustments
News

“Computer says no” - data protection and reasonable adjustments

05 Mar 2019

News

Further guidance on data transfers in the event of a no-deal Brexit

25 Feb 2019

GDPR and direct marketing – consent is not always required
News

GDPR and direct marketing – consent is not always required

21 Feb 2019

Disinformation and 'fake news': commentary on the DCMS Committee report
News

Disinformation and 'fake news': commentary on the DCMS Committee report

19 Feb 2019

EU GDPR: Consent is Key
News

Employee monitoring and staff consent

18 Feb 2019

Regulatory cooperation and information sharing
News

Regulatory cooperation and information sharing

14 Feb 2019

Data protection fees and accountability
News

Data Protection Fees and Accountability

08 Feb 2019

Unmasking cybercriminals – why attribution is hard but not always impossible
News

Unmasking cybercriminals – why attribution is hard but not always impossible

07 Feb 2019

First appeal of an Information Notice under new Data Protection Act
News

First appeal of an Information Notice under new Data Protection Act

31 Jan 2019

Adam Rose in RICS Property Journal
News

Adam Rose in RICS Property Journal

24 Jan 2019

What does Brexit mean for data protection: part 2
News

What does Brexit mean for data protection: part 2

04 Jan 2019

What does Brexit mean for data protection?
News

What does Brexit mean for data protection?

21 Dec 2018

Shaping Cities: The multichannel future of retail
News

Shaping Cities: The multichannel future of retail

18 Dec 2018

Shaping Cities: The Changing Face of Retail
Media

Shaping Cities: The Changing Face of Retail

14 Dec 2018

Unlawful marketing and e-receipts
News

Unlawful marketing and e-receipts

11 Dec 2018

Sir Alex Ferguson's Doctors investigated for potential breach of data protection
News

Doctors at hospital which treated Sir Alex Ferguson investigated over data protection breaches

04 Dec 2018

Interpol Announces that South Korean Kim Jong Yang has been Elected President
News

Extradition & International Crime: Interpol Announces that South Korean Kim Jong Yang has been Elected President

04 Dec 2018

Jon Baines on the GDPR definitions of controller & processor
News

Jon Baines on the GDPR definitions of controller & processor

03 Dec 2018

ICO issues first "fines" for failure to pay data protection fee
News

ICO issues first "fines" for failure to pay data protection fee

28 Nov 2018

It's Business. But it's Personal Property: GDPR and Leases
News

It's Business. But it's Personal Property: GDPR and Leases

21 Nov 2018

Jon Baines in The Register
News

Jon Baines in The Register

20 Nov 2018

Directors of spamming and nuisance-calling companies to face regulatory fines of £500,000 from next month
News

Directors of spamming and nuisance-calling companies to face regulatory fines of £500,000 from next month

20 Nov 2018

Data theft in the life sciences industry: the importance of taking decisive, and early, action
News

Data theft in the life sciences industry: the importance of taking decisive, and early, action

20 Nov 2018

ICO prosecution under Computer Misuse Act results in prison sentence
News

ICO prosecution under Computer Misuse Act results in prison sentence

13 Nov 2018

High Court: data protection law and the right to know why a bank account was frozen and then closed
News

High Court: data protection law and the right to know why a bank account was frozen and then closed

05 Nov 2018

ICO makes changes to landmark first GDPR enforcement action
News

ICO makes changes to landmark first GDPR enforcement action

30 Oct 2018

BA website and data breach by Magecart deeper than first thought
News

BA website and data breach by Magecart deeper than first thought

30 Oct 2018

Island of AI: Singapore emerges at the new tech frontier
News

Island of AI: Singapore emerges at the new tech frontier

25 Oct 2018

Thousands of Morrisons staff set for payout after Appeal Court ruling on data leak
News

Thousands of Morrisons staff set for payout after Appeal Court ruling on data leak

23 Oct 2018

Modernising the Audiovisual Media Services Directive: regulating video-sharing platforms and the impact of Brexit
News

Modernising the Audiovisual Media Services Directive: regulating video-sharing platforms and the impact of Brexit

19 Oct 2018

Google+: the importance of notifying users of a data breach
News

Google+: the importance of notifying users of a data breach

10 Oct 2018

The Data Revolution: transforming healthcare now
News

The Data Revolution: transforming healthcare now

04 Oct 2018

NIS Directive: what you need to know right now
News

NIS Directive: what you need to know right now

03 Oct 2018

Jon Baines on Facebook hack
News

Jon Baines on Facebook hack

01 Oct 2018

ICO penalties for failure to pay Data Protection Act Fee – a new stricter regime?
News

ICO penalties for failure to pay Data Protection Act Fee – a new stricter regime?

28 Sep 2018

Adam Rose in The Telegraph on new competition concerns for Google
News

Adam Rose in The Telegraph on new competition concerns for Google

28 Sep 2018

Equifax fined £500,000 for data security breach
News

Equifax fined £500,000 for data security breach

21 Sep 2018

High Court orders Facebook to reveal who was behind unauthorised profile deletion
News

High Court orders Facebook to reveal who was behind unauthorised profile deletion

20 Sep 2018

First UK enforcement action under GDPR and the new Data Protection Act
News

First UK enforcement action under GDPR and the new Data Protection Act

19 Sep 2018

Data protection transfers post-Brexit
News

Data protection transfers post-Brexit

18 Sep 2018

title
News

Changes to Nuisance Calls Regulations

17 Sep 2018

Government Response to Cyber Security Consultation
News

Government response to cyber security consultation

14 Sep 2018

Cities of tomorrow: intelligent, sustainable and data driven
Media

Cities of tomorrow: intelligent, sustainable and data driven

02 May 2018

FUTURE: PropTech 2018 - Keynote by Nick Kirby
Media

FUTURE: PropTech 2018 - Keynote by Nick Kirby

02 May 2018

GDPR
Media

What is GDPR?

27 Mar 2018

GDPR
Media

GDPR - What are your rights?

27 Mar 2018

GDPR
Media

GDPR - What are your obligations?

27 Mar 2018

General Data Protection Regulation and Cyber Security
Event

General Data Protection Regulation and Cyber Security

30 Aug 2017

Significant data breach leads to an undertaking, not a fine
News

Significant data breach leads to an undertaking, not a fine

04 Jul 2017

Brexit: the potential impact
Publication

Brexit: the potential impact

24 Jun 2016

News

LGBT Asylum: In Conversation with the UK Border Agency

01 Jun 2011

News

Mishcon de Reya climbs to 15th in the Financial Times Innovative Lawyers Top 50

21 Oct 2010

Adam Rose

Adam Rose explains Standard Contractual Clauses in Digiday

10/08/2020

Jon Baines discusses ICO fines in The Register

06/08/2020

British Airways hints at massive reduction in proposed GDPR fine

31/07/2020

Sending real estate data to the US and other non-EEA countries is now a major challenge

30/07/2020
How can we help you?

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

Crisis Hotline

Emergency number:

Tel: +44 80 0260 0546

COVID-19 Enquiry

Please enter your first name
Please enter your last name
Please enter your enquiry
Please select a contact method

I'm a client

Please enter your first name
Please enter your last name
Please enter your enquiry
Please enter a value

I'm looking for advice

Please enter your first name
Please enter your last name
Please enter your enquiry
Please select a department
Please select a contact method

Something else

Please enter your first name
Please enter your last name
Please enter your enquiry
Please select your contact method of choice