Data Protection and Privacy laws across Europe regulate the way in which we handle data. They establish a set of rules for handling data and give individuals a right to know what information is held about them. We can advise you on everything to do with the application of and compliance with the data protection rules across Europe – including the EU and UK GDPR regimes.
We have done lots of work on data transfers too, especially the challenges of transferring data from Europe to the US. We’ve advised clients on the issues relating to the collapse of Safe Harbor and Privacy Shield and their replacement with the new Data Protection Framework. We’ve helped clients using Standard Contractual Clauses and their data adequacy assessments.
We have also been advising clients on the right to be forgotten. Our lawyers have been advising our clients on procedures to deal with right to be forgotten requests and we’ve helped them decide difficult cases. We have also successfully defended clients in threatened litigation to enforce right to be forgotten requests.
We’re also been at the forefront of advising businesses on the GDPR from the very first proposals for a new law in 2012 through our videos, podcasts, client alerts, tailored white papers and speaking at events and advisory boards. We’ve advised clients on the consequences of GDPR and helped put policies and procedures in place to deal with the changes. We’ve assisted our clients in planning their GDPR strategy and we have helped them train employees. We have also worked with suppliers of goods and services to help them focus their operations and have provided specialist support to project development teams.
We have also played a leading role in stamping out some of the false rumours that have been spreading about GDPR – you can find out more on this in our blog and film http://www.corderycompliance.com/gdpr-fake-news/
We have also developed solutions such as Cordery GDPR Navigator to help clients keep up-to-date with a call each month summarizing developments across the EU & UK. You can find out more about this solution by accessing this link http://www.corderycompliance.com/solutions/cordery-gdpr-navigator/
We have also introduced GDPR Headway which helps check their GDPR compliance. This is done using a 3 step approach of assessing the GDPR readiness of the client, setting up a GDPR action plan that lays out key actions to be undertaken and who should own these processes, and a review process to keep abreast of the latest guidance. This has been successfully implemented in a number of our clients with impressive results.
In addition, we’ve been working on a new product that combines our legal expertise around GDPR with intelligent software developed with LexisNexis. Cordery Breach Navigator helps Data Protection Officers and their teams deal with potential and actual data breaches in a consistent, informed manner using the very latest best-practice techniques. You can learn more about the tool here http://www.corderycompliance.com/solutions/breach-navigator/
We can also help you work through your compliance obligations when using new technology including:
- dealing with subject access requests
- dealing with data breaches and reporting to regulators
- cookie compliance (including defending clients in regulatory complaints)
- defending proposed class actions
- document review issues for investigations and eDiscovery
- Data Protection Impact Assessments
- marketing (including consents)
- cloud computing
- employee monitoring
- home working, mobile working and BYOD
- mobile payments systems
- tracking technologies
Internet of Things
Our data protection team has completed work in the following industries:
- Financial Services
- Leisure & hotels
- Oil & Gas
Recent cases include:
- Handling an aggressive Subject Access Request in the oil & gas sector from a former employee.
- Dealing with threatened civil actions in connection with cookies and data transfer.
- Helping a private-equity backed information services provider get ready for sale. Our work included a comprehensive data protection program which significantly increased the sale price.
- Dealing with a series of Subject Access Requests in the health sector which involved proceedings being issued in the UK to enforce the subject access right. Those proceedings were settled on what our client believes to be acceptable terms.
- Supporting a UK listed entity in data issues related to the departure of a senior individual including liaising with a regulator in connection with a criminal investigation into that individual’s conduct.
- Helping manage a complicated and contentious Subject Access Request for a household name organisation.
- Advising on data transfer post Privacy Shield including on data transfer agreements, notices, new processes and Binding Corporate Rules.
- Helping a well-known industry association develop its policy on proposed changes to EU data protection laws representing a wide range of some of the world’s largest technology businesses.
- Developing a Data Protection Impact Assessment (DPIA) process for a well-known client in healthcare. The process is used to risk assess all of their new uses of personal data.
- Advising on the implementation of helplines including ensuring the scope of the helpline meets data protection and data export laws and securing necessary registrations.
- Successfully defending three right to be forgotten claims for a client involved in the financial services sector.
- Developing a DPIA process for a well known client in financial services. This process is used to risk assess all of their new uses of personal data including new financial services products coming on stream.
- Advising on data protection implications of e-discovery in US court proceedings and in meeting information requests in arbitrations.
- Advising a financial services organisation on its obligations to meet Subject Access Requests from former employees suspected of criminal wrongdoing.
- Advising a leading chemicals company on its data protection issues including data security, responding to a security breach, advising on Works Council consultations and data transfer.
- Advising a US-listed e-commerce platform in developing its data protection strategy and ongoing advice including helping them manage data subject requests, dealing with regulatory investigations, helping them manage information requests from investigatory and other bodies.
- Advising a well known high-end brand on a security breach following a break-in at its flagship store.
- Working with one of America’s largest retailers on their new privacy program. The work involved managing a global program of audit, risk reduction and training to improve global privacy, data-protection and data security compliance.
- Advising a leading e-commerce company on responding to a hostile Subject Access Request, under regulator supervision, after employees at the company made serious allegations against a third party.
- Advising a leading fashion brand on their move into Europe including advice on one to one in-store marketing in the UK, France and Italy.
- Risk audit for a medical devices company including data protection and data security.
- Privacy program for a US based clinical research organisation.
- Advice on data transfer for a leading North American bank.
- Preliminary advice in connection with data storage laws in a number of European jurisdictions and Russia.
- Auditing a non-departmental public body for data protection and freedom of information compliance, including interviewing staff, reviewing documentation and systems, producing a report of findings and recommended compliance improvement plan, followed by implementing that plan.
- Advising a major US retailer on compliance issues arising from its entry to the UK, including in relation to data collection and marketing using that data.
- Advising a range of clients on data breach strategies, both before and after breaches have occurred.
- Advice on the setting up of PeopleSoft and other online HR programs in Europe, including data protection and Works Council issues.
- Advising one of the world’s largest media companies on its data-retention strategy.