Mishcon de Reya page structure
Site header
Main menu
Main content section


GDPR and Data Protection

Since 1 January 2021, the UK GDPR applies to most processing of personal data in the UK (although in some cases, where processing of data subjects in the EU takes place, the GDPR itself will also apply).

The UK GDPR, like the GDPR itself, reaffirms and enhances, sometimes significantly, the rights of citizens and consumers to access their data electronically, to have it corrected or deleted, and to scrutinise data processing. The penalties for non-compliance are potentially severe. Proper judgement and systems need to be applied to data collection, and if data is lost, rapid notification is critical. However, data is also a strategic issue. Choosing what data to collect, how to use it, and how to protect it can bring great benefits. The value of a business can be greatly increased by good data practice.

We advise our clients on how best to achieve their strategic objectives while complying with an evolving regulatory regime. For corporate clients we highlight gaps in compliance, explain how to implement the requisite policies and procedures, resolve incidents and repair reputations. For private clients we identify the most effective ways to exercise and enforce their rights.

Our group comprises experts in data protection, privacy and reputation management, as well as non-lawyer cyber security specialists. It allows us to cover the full spectrum of support and advice, and to do so from the forefront, advising clients on issues such as AdTech, enforcement of data subject rights and cyber security. 

  • Advising on GDPR compliance, including:
    • Policy review, gap analysis and data protection strategy
    • Preparing Data Protection Impact Assessments (DPIAs) Privacy Impact Assessments (PIAs), data protection policies and data processing agreements
    • Preparing Privacy Impact Assessments, data protection policies and data processing agreements
    • Review of cyber security processes and controls to protect data
    • Data breach procedures
    • Subject access request procedures and handling requests, responses, complaints and enforcement
    • Data portability procedures
    • Advising on direct marketing and compliance with privacy regulation
  • Multi-disciplinary approach to cyber security and data breaches
  • Managing claims before the Courts in relation to data protection, data theft and privacy issues, and investigations by the Information Commissioner's Office
  • Advising on issues of data protection and privacy in relation to reputation management

Mishcon de Reya is acting for a client, Jenny, seeking to challenge the legislation relating to the Foreign Account Tax Compliance Act ("FATCA") which she believes breaches her fundamental rights to data protection and privacy.

Under FATCA, banks are required to send all personal and financial information of any US citizens to US authorities on an annual basis independent of any actual US tax liability. All it takes is for an American citizen to have a bank account outside of America.

Our approach in summary.

How can we help you?

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

Crisis Hotline

I'm a client

I'm looking for advice

Something else