The task of managing data is becoming increasingly complex for individuals and companies alike. The General Data Protection Regulation (GDPR) is on the horizon and UK entities will be expected to understand the implications and comply with the rules if they provide goods or services to EU citizens.
GDPR significantly increases the rights of citizens to access their data electronically, to have it corrected or deleted and to scrutinise data processing. The penalties for non-compliance have also risen sharply, requiring proper judgement and design to be applied to data collection and rapid notification if data is lost.
We advise our clients on how best to achieve their strategic objectives whilst complying with this evolving regulatory regime.We can highlight gaps in compliance and explain how to implement the policies and procedures needed, as well as dealing with any incidents that may occur.
Our team comprises data protection experts as well as non-lawyer cyber security specialists, allowing us to give the full spectrum of advice. The GDPR regime is likely to introduce both process and technology changes that we can guide our clients through, from the initial data audit and ongoing compliance to industry standard benchmarking techniques.
- Advising an investor in a business that went on to appear on a television reality programme. We used subject access requests to the TV production company to seek to uncover what information had been provided to it in respect of our client. This proved extremely valuable in the shareholder dispute that ultimately successfully settled.
- Advising various individuals connected with an investment who sought to obtain their personal data from a campaigning NGO which our clients believed were holding personal data relating to them. We were testing the scope of the 'journalism exemption' which the NGO claimed enabled it to avoid disclosing that data to our clients. Ultimately, the Information Commissioner decided that the NGO has engaged in 'campaigning journalism' and therefore protected from needing to comply with the Data Protection Act.
- We advised a major property developer on data protection aspects relating to its use of loyalty cards and mobile tracing techniques in respect of its town centre mixed use development.
- Advising a tax payer in relation to his Data Protection and Freedom of Information Act requests made to HMRC, challenging HMRC's interpretation of the meaning of 'personal data' and various exemptions to both the Data Protection Act and Freedom of Information Act.
- Advising a leading charity in relation to an investigation by the Information Commissioner into charity practices concerned with cold calling and data list selling.
- Advising a major online gaming business on its multijurisdictional data protection compliance obligations and its handling of personal data in the context of the Data Protection Act, gambling regulation and historic player terms.
- Advising a publisher in the medical sector on its ability to use sensitive personal data and anonymised and aggregated data under licence from a public sector data provider.
- Advising clients on European data protection and electronic marketing strategies, working with a network of lawyers in other countries to provide EU-wide advice.
- Assisting clients in their dealings with the information commissioner's office in connection with potential enforcement action, and in handling subject access requests and refusals to supply personal data, by or to our clients.
- Advising on and litigating large and high profile data theft cases for corporate clients across numerous sectors.
Our data theft team consists of lawyers from our Fraud, Employment and Reputation Protection departments. In the event of a data theft, we are able to recover and prevent the unlawful use of the data by obtaining powerful injunctions quickly, allowing us to search the defendant’s premises without notice to the data thief, recover the stolen data, seize evidence of wrongdoing and freeze assets. We use this evidence to reach a quick settlement, avoiding protracted and expensive litigation.