Main content section

Data

Find an expert Get in touch

We defend the data rights of businesses and individuals.

Our specialist team can guide you through privacy and data protection issues at every stage, whether you need an end-to-end GDPR compliance project, strategic guidance on launching a new AI tool, or are looking to start or defend a data protection claim. We also offer outsourced DPO as a service, cybersecurity incident response, UK & EU Representative services as well as support with the business or personal impact of data protection breaches.

We advise our clients on how best to achieve their strategic objectives while complying with an evolving regulatory regime. For organisations, we assess and help fix gaps in compliance, resolve incidents and repair reputations. For private clients we identify the most effective ways to exercise and enforce their rights.

We're proud of our multi-disciplinary group, which enables us to cover the full spectrum of support and ensure you're never on your own if you need urgent support with a data protection issue.

Data Matters

Your insight into information law, see the latest here.

Data Disputes

Data Protection Officer

Strategic Data Advisory and Transactional Work

DSAR support

Mishcon REGULATE

Mishcon REGULATE is designed to make life simpler and more efficient, to ease the complexities of regulation, with one point of contact, one seamless plan, one monthly invoice.

online safety padlock — Online Safety hub

Making the UK "the safest place in the world to be online": the new legislative landscape

Guides

International transfers: standard contractual clauses handbook

Find out more
Data protection impact assessment

In the ever-evolving landscape of data protection, organisations are increasingly required to be proactive in safeguarding personal data. A Data Protection Impact Assessment (DPIA) is an essential tool, serving as a process to help identify and minimise the data protection risks of a project or processing activity.
Download

Work highlights

Work highlight

Assisting clients

Assisting clients in their dealings with the Information Commissioner's Office in connection with potential enforcement action, and in handling subject access requests and refusals to supply personal data, by or to our clients

Work highlight

Online gaming business

Representing a major online gaming business on its multijurisdictional data protection compliance obligations and its handling of personal data in the context of the Data Protection Act, gambling regulation and historic player terms, and under GDPR, as well as on its direct marketing

Work highlight

Advising an investor

Advising an investor corporate on handling difficult subject access requests made by directors of a hostile target business

Work highlight

Pharmaceutical company

Acting for a pharmaceutical company whose processor suffered a data hack and advising on notification and other GDPR matters

Work highlight

Lloyd v Google

Acting for Richard Lloyd as representative claimant against Google in respect of the 'Safari Workaround', which enabled Google to access iPhone users' surfing histories to serve targeted adverts

Work highlight

Claimant taxpayer

Advising a claimant taxpayer on a disputed subject matter access request made to HMRC, resulting in his gaining considerable understanding of the internal file structures and processes adopted

Work highlight

Commodities wholesaler

Representing a wholesaler in the commodities market on local compliance considerations across some 30 countries

Work highlight

Recruitment client

Advising on multi-jurisdictional data handling arrangements for a client in the recruitment sector

Mishcon provides practical, business-oriented legal advice.
Chambers and Partners, 2025

They have a clear understanding of the technology and risk related to the industry we operate in. They tailor their advice based on this, which makes it much easier to implement.
Chambers and Partners, 2025

They are just super helpful and accommodating all of the time. Mishcon is super practical and helpful.
Chambers and Partners, 2025

The firm is extremely able.
Chambers and Partners, 2025

They are able to identify incredibly clever data protection arguments and pick them apart.
Chambers and Partners, 2025

The Mishcon data privacy team provides a unique combination of subject matter expertise with clear and practical advice.
Legal 500, 2025

The team has taken the time to know and understand our business, which makes them significantly more effective in bringing the right advice to the particular issue at hand.
Legal 500, 2025

Mishcon have a very capable data protection team with good experience across a variety of sectors. They also understand the intersection between data and other types of regulations.
Legal 500, 2025

They provide excellent quality advice which factors in commercial and other factors.
Legal 500, 2025

Very friendly. Extremely hard working.
Legal 500, 2025

They have a strong sense of what is achievable in a commercial environment.
Chambers and Partners, 2024

Friendly people to work with. Fast turn around on everything. Tactically astute. Will take every point to advance the client’s case.
Legal 500, 2024

Good practical advice based on excellent understanding of the law and commercial requirements.
Legal 500, 2024

Their expertise in the field, and their communication, is great. I always had the feeling that they were fighting very hard for me and that they were much better at what they do than the government department we were dealing with.
Legal 500, 2024

In-depth knowledge of the area of law (data protection), their experience and their strategic advice. Brilliant to work with – communication fantastic.
Legal 500, 2024