Cordery

Legal.Compliance.

Data Protection & Privacy

Data Protection and Privacy laws across Europe regulate the way in which we handle data. They establish a set of rules for handling data and give individuals a right to know what information is held about them. We can advise you on everything to do with the application of and compliance with the data protection rules across Europe.

We have done lots of work on data transfers too, especially the challenges of transferring data from Europe to the US. We’ve advised clients on the issues relating to the Schrems decision and challenges to Safe Harbor by German regulators. We have helped clients put in place data transfer schemes to replace their reliance on Safe Harbor after the 6th October 2015 ruling.

The Privacy Shield scheme was proposed in February 2016 to replace the Safe Harbor scheme which was struck down by the European Court of Justice (ECJ) in the first Schrems case (sometimes known as Schrems 1) in October 2015. The scheme opened for business on 1 August 2016 and we have since assisted numerous clients with the redrafting of their privacy policies as Privacy Shield has some quite detailed requirements on what a privacy policy should say.

We have also been advising clients on the right to be forgotten following the ruling in the Google case. Our lawyers have been advising our clients on procedures to deal with right to be forgotten requests and we’ve helped them decide difficult cases. We have also successfully defended clients in threatened litigation to enforce right to be forgotten requests.

We’re also been at the forefront of advising businesses on the EU Regulation (commonly known as GDPR) through our videos, podcasts, client alerts, tailored white papers and speaking at events and advisory boards. We’ve advised clients on the consequences of GDPR and helped put policies and procedures in place to deal with the changes. We’ve assisted our clients in planning their GDPR strategy and we have helped them train employees on the new laws. We have also worked with suppliers of goods and services to help them focus their operations and have provided specialist support to project development teams.

We have also played a leading role in stamping out some of the false rumours that have been spreading about GDPR – you can find out more on this in our blog and film http://www.corderycompliance.com/gdpr-fake-news/

We have also developed solutions such as Cordery GDPR Navigator to assist clients to tackle possibly their biggest compliance project for the next few years. You can learn more about this solution by accessing this link http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/

We have also introduced GDPR Headway which helps clients get started on their GDPR projects. This is done using a 3 step approach of assessing the GDPR readiness of the client, setting up a GDPR action plan that lays out key actions to be undertaken and who should own these processes, and a review process to keep abreast of the latest guidance. This has been successfully implemented in a number of our clients with impressive results.

In addition, we have recently launched an exciting new product that combines our legal expertise around GDPR with intelligent software developed with LexisNexis. Breach Navigator helps Data Protection Officers and their teams deal with potential and actual data breaches in a consistent, informed manner using the very latest best-practice techniques. You can learn more about the tool here http://www.corderycompliance.com/solutions/breach-navigator/

We develop innovative ways of dealing with data protection issues including our end to end managed privacy policy solution. We have also advised clients and their lawyers on the data protection aspects of investigations and ediscovery.

We can also help you work through your compliance obligations when using new technology including:

  • dealing with subject access requests
  • dealing with data breaches and reporting to regulators
  • document review for investigations and ediscovery
  • marketing (including consents)
  • apps
  • cloud computing
  • employee monitoring
  • mobile working and BYOD
  • mobile payments systems
  • tracking technologies
  • cookies
  • RFID
  • e-commerce
  • Internet of things
  • Our data protection team has completed work in the following industries:
  • Dealing with a series of Subject Access Requests in the health sector which involved proceedings being issued in the UK to enforce the subject access right. Those proceedings were settled on what our client believes to be acceptable terms.
  • Helping manage a complicated and contentious subject access request for a household name organisation.
  • Advising on data transfer post Safe Harbor including on data transfer agreements, notices, new processes and Binding Corporate Rules.
  • Helping a well-known industry association develop its policy on proposed changes to EU data protection laws representing a wide range of some of the world’s largest technology businesses. We have produced a short (4 minute) film on some of those changes here.
  • Developing a Privacy Impact Assessment (PIA) process for a well-known client in healthcare. The process is used to risk assess all of their new uses of personal data.
  • Helping a spin-out chemicals business design it’s data protection strategy. The program included mapping out a new global program, in-country data protection registrations, a new website privacy policy, new internal policies and training. The program was designed to fit in with the data protection strategy of the client’s new owner, a major bank.
  • Advising on the implementation of helplines including ensuring the scope of the helpline meets data protection and data export laws and securing necessary registrations.
  • Successfully defending three right to be forgotten claims for a client involved in the financial services sector.
  • Developing a Data Protection Impact Assessment (DPIA) process for a well known client in financial services. This process is used to risk assess all of their new uses of personal data including new financial services products coming on stream.
  • Advising on data protection implications of e-discovery in US court proceedings and in meeting information requests in arbitrations.
  • Advising a financial services organisation on its obligations to meet subject access requests from former employees suspected of criminal wrongdoing.
  • Advising a leading chemicals company on its data protection issues including data security, responding to a security breach, advising on Works Council consultations and managing a program for them to join the US-EU Safe Harbor program.
  • Advising a US-listed e-commerce platform in developing its data protection strategy and ongoing advice including helping them manage subject access requests, dealing with regulatory investigations, helping them manage information requests from investigatory and other bodies.
  • Advising a well known high-end brand on a security breach following a break-in at its flagship store.
  • Working with one of America’s largest retailers on their new privacy program. The work involved managing a global program of audit, risk reduction and training to improve global privacy, data-protection and data security compliance.
  • Advising a leading e-commerce company on responding to a hostile subject access request, under regulator supervision, after employees at the company made serious allegations against a third party.
  • Advising a leading fashion brand on their move into Europe including advice on one to one in-store marketing in the UK, France and Italy.
  • Risk audit for a medical devices company including data protection and data security.
  • Privacy program for a US based clinical research organisation.
  • Advice on data transfer for a leading North American bank.
  • Preliminary advice in connection with data storage laws in a number of European jurisdictions and Russia.
  • Auditing a non-departmental public body for data protection and freedom of information compliance, including interviewing staff, reviewing documentation and systems, producing a report of findings and recommended compliance improvement plan, followed by implementing that plan.
  • Advising a major US retailer on compliance issues arising from its entry to the UK, including in relation to data collection and marketing using that data.
  • Advising a range of clients on data breach strategies, both before and after breaches have occurred.
  • Advice on the setting up of PeopleSoft and other online HR programs in Europe, including data protection and Works Council issues.
  • Advising one of the world’s largest media companies on its data-retention strategy.

 

Contact a Cordery Specialist +44(0)207 118 2700 | Contact Us

Cordery is a trading name of Cordery Compliance Limited. Authorised and regulated by the Solicitors Regulation Authority.
SRA number 608187. Company number 07931532 registered in England and Wales. VAT number: 730859520
Registered office: Lexis House, 30 Farringdon Street, London, EC4A 4HH, United Kingdom

Cordery Compliance Limited trading as Cordery provides some products and services which are not regulated by the Solicitors Regulation Authority; we will clearly state this to you if this is the case.

We use the word “partner” to refer to a shareowner or director of the company, or an employee or consultant who is a lawyer with equivalent standing and qualifications.

Cordery is a registered trademark of Reed Elsevier (UK) Limited, used under license. The Knowledge Burst logo is a registered trademark of Reed Elsevier Properties Inc., used under license.

Copyright © 2019 Cordery. All rights reserved.