Data Protection and Privacy laws across Europe regulate the way in which we handle data. They establish a set of rules for handling data and give individuals a right to know what information is held about them. We can advise you on everything to do with the application of and compliance with the data protection rules across Europe.
We have done lots of work on data transfers too, especially the challenges of transferring data from Europe to the US. We’ve been busy this year advising clients on the issues relating to the Schrems decision and challenges to Safe Harbor by German regulators. We have helped clients put in place data transfer schemes to replace their reliance on Safe Harbor after the 6th October 2015 ruling.
We have also been advising clients on the right to be forgotten following the ruling in the Google case. Our lawyers have been advising our clients on procedures to deal with right to be forgotten requests and we’ve helped them decide difficult cases. We have also successfully defended clients in threatened litigation to enforce right to be forgotten requests.
We’re also at the forefront of advising businesses on the proposed EU Regulation (commonly known as GDPR). We’re advising clients on the likely consequences and helping them put policies and procedures in place now to deal with the changes which are likely to come in. We have helped our clients plan out their GDPR strategy and we have helped them train employees on the new laws. We have also worked with suppliers of goods and services to help them focus their operations including producing tailored white papers, speaking at events and advisory boards, producing films and providing specialist support to project development teams.
We can also help you work through your compliance obligations when using new technology including:
- dealing with subject access requests
- document review for investigations and ediscovery
- marketing (including consents)
- cloud computing
- employee monitoring
- mobile working and BYOD
- mobile payments systems
- tracking technologies
- Internet of things
Our data protection team has completed work in the following industries:
- Financial Services
- Leisure & hotels
- Oil & Gas
- Dealing with a series of Subject Access Requests in the health sector which involved proceedings being issued in the UK to enforce the subject access right. Those proceedings were settled on what our client believes to be acceptable terms.
- Helping manage a complicated and contentious subject access request for a household name organisation.
- Advising on data transfer post Safe Harbor including on data transfer agreements, notices, new processes and Binding Corporate Rules.
- Helping a well-known industry association develop its policy on proposed changes to EU data protection laws representing a wide range of some of the world’s largest technology businesses. We have produced a short (4 minute) film on some of those changes here.
- Developing a Privacy Impact Assessment (PIA) process for a well-known client in healthcare. The process is used to risk assess all of their new uses of personal data.
- Advising on the implementation of helplines including ensuring the scope of the helpline meets data protection and data export laws and securing necessary registrations.
- Successfully defending three right to be forgotten claims for a client involved in the financial services sector.
- Developing a Data Protection Impact Assessment (DPIA) process for a well known client in financial services. This process is used to risk assess all of their new uses of personal data including new financial services products coming on stream.
- Advising on data protection implications of e-discovery in US court proceedings and in meeting information requests in arbitrations.
- Advising a financial services organisation on its obligations to meet subject access requests from former employees suspected of criminal wrongdoing.
- Advising a leading chemicals company on its data protection issues including data security, responding to a security breach, advising on Works Council consultations and managing a program for them to join the US-EU Safe Harbor program.
- Advising a US-listed e-commerce platform in developing its data protection strategy and ongoing advice including helping them manage subject access requests, dealing with regulatory investigations, helping them manage information requests from investigatory and other bodies.
- Advising a well known high-end brand on a security breach following a break-in at its flagship store.
- Working with one of America’s largest retailers on their new privacy program. The work involved managing a global program of audit, risk reduction and training to improve global privacy, data-protection and data security compliance.
- Advising a leading e-commerce company on responding to a hostile subject access request, under regulator supervision, after employees at the company made serious allegations against a third party.
- Advising a leading fashion brand on their move into Europe including advice on one to one in-store marketing in the UK, France and Italy.
- Risk audit for a medical devices company including data protection and data security.
- Privacy program for a US based clinical research organisation.
- Advice on data transfer for a leading North American bank.
- Preliminary advice in connection with data storage laws in a number of European jurisdictions and Russia.
- Auditing a non-departmental public body for data protection and freedom of information compliance, including interviewing staff, reviewing documentation and systems, producing a report of findings and recommended compliance improvement plan, followed by implementing that plan.
- Advising a major US retailer on compliance issues arising from its entry to the UK, including in relation to data collection and marketing using that data.
- Advising a range of clients on data breach strategies, both before and after breaches have occurred.
- Advice on the setting up of PeopleSoft and other online HR programs in Europe, including data protection and Works Council issues.
- Advising one of the world’s largest media companies on its data-retention strategy.