Mishcon de Reya page structure
Site header
Main menu
Main content section
Data

Data

GDPR and Data Protection

Since 1 January 2021, the UK GDPR applies to most processing of personal data in the UK (although in some cases, where processing of data subjects in the EU takes place, the GDPR itself will also apply).

The UK GDPR, like the GDPR itself, reaffirms and enhances, sometimes significantly, the rights of citizens and consumers to access their data electronically, to have it corrected or deleted, and to scrutinise data processing. The penalties for non-compliance are potentially severe. Proper judgement and systems need to be applied to data collection, and if data is lost, rapid notification is critical. However, data is also a strategic issue. Choosing what data to collect, how to use it, and how to protect it can bring great benefits. The value of a business can be greatly increased by good data practice.

We advise our clients on how best to achieve their strategic objectives while complying with an evolving regulatory regime. For corporate clients we highlight gaps in compliance, explain how to implement the requisite policies and procedures, resolve incidents and repair reputations. For private clients we identify the most effective ways to exercise and enforce their rights.

Our group comprises experts in data protection, privacy and reputation management, as well as non-lawyer cyber security specialists. It allows us to cover the full spectrum of support and advice, and to do so from the forefront, advising clients on issues such as AdTech, enforcement of data subject rights and cyber security. 

  • Advising on GDPR compliance, including:
    • Policy review, gap analysis and data protection strategy
    • Preparing Data Protection Impact Assessments (DPIAs) Privacy Impact Assessments (PIAs), data protection policies and data processing agreements
    • Preparing Privacy Impact Assessments, data protection policies and data processing agreements
    • Review of cyber security processes and controls to protect data
    • Data breach procedures
    • Subject access request procedures and handling requests, responses, complaints and enforcement
    • Data portability procedures
    • Advising on direct marketing and compliance with privacy regulation
  • Multi-disciplinary approach to cyber security and data breaches
  • Managing claims before the Courts in relation to data protection, data theft and privacy issues, and investigations by the Information Commissioner's Office
  • Advising on issues of data protection and privacy in relation to reputation management

Mishcon de Reya is acting for a client, Jenny, seeking to challenge the legislation relating to the Foreign Account Tax Compliance Act ("FATCA") which she believes breaches her fundamental rights to data protection and privacy.

Under FATCA, banks are required to send all personal and financial information of any US citizens to US authorities on an annual basis independent of any actual US tax liability. All it takes is for an American citizen to have a bank account outside of America.

Our approach in summary.

Work highlights
Work highlight

Subject requests

Representing businesses and not-for-profits on handling subject requests

Work highlight

Court proceedings

Acting for individuals in bringing court proceedings against governmental bodies, banks and other organisations

Work highlight

ICO dealings

Assisting clients in their dealings with the Information Commissioner's Office in connection with potential enforcement action, and in handling subject access requests and refusals to supply personal data, by or to our clients

Work highlight

Advising clients

Advising clients on European data protection and electronic marketing strategies, working with a network of lawyers in other countries to provide EU-wide advice

Work highlight

Communication provider

Advising a provider of a communications platform in a regulated sector on its GDPR compliance, and that of its market competitors

Work highlight

Medical publisher

Acting for a medical publisher on its ability to use sensitive personal data and anonymised and aggregated data under licence from a public sector data provider

Work highlight

Major online gaming business

Representing a major online gaming business on its multijurisdictional data protection compliance obligations and its handling of personal data in the context of the Data Protection Act, gambling regulation and historic player terms, and under GDPR, as well as on its direct marketing practices and plans

Work highlight

Leading charity

Advising a leading charity in relation to an Information Commissioner investigation into charity practices concerned with cold calling and data list selling

Work highlight

Major property developer

Advising a major property developer on data protection aspects of loyalty cards and mobile tracing techniques

Services
Sectors
Latest
News

Pro-innovation regulation of digital technologies – the Government approach

News

High Court awards substantial damages in first "image-based abuse" privacy case

News

The "new" Data Protection reform Bill - same as the old Bill?

News

ICO publishes new "top tips" for games designers

News

Jon Baines speaks at parliamentary event on FOI and records management

News

ICO takes action on facial recognition in schools

Person's hands on laptop in dark room News

Cyberattacks against schools: what you need to know

News

Is the UK riding on the EU’s coat tails when it comes to data adequacy?

glowing padlock on technology background News

The Online Safety Bill: What next? The Digest

Africa House main entrance News

Mishcon de Reya recognised in Global Data Review's Global Elite 2023 rankings

News

More than one third of personal data breaches reported “late” to ICO

Data protection abstract image News

Information Commissioner gives keynote speech at Mishcon de Reya office

Twitter Logo on a Samsung phone News

Rapid Twitter developments raise concerns about online safety

Abstract technology News

Mishcon de Reya to host National Association of Data Protection Officers conference

abstract glass building News

Adam Rose on Tesco's collection of customer data for the Financial Times

Data Protection symbols News

Uncertainty over data protection reform

abstract lines News

ICO continues to bare teeth over data rights infringements

Abstract technology dark lines News

Government urged to take action to protect UK citizens' information rights

News

Data Protection Reform progress paused

News

Information Commissioner investigates collection of criminal barristers' names

How can we help you?
Help

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

Crisis Hotline

I'm a client

I'm looking for advice

Something else