The fine line: unlocking data value and compliance
The regulatory landscape relating to personal data and privacy is ever evolving and new technologies present new challenges as well as opportunities.
At Michelmores, our experts work with a wide range of clients across many sectors helping them to keep ahead of developing regulation whilst making the best use of their data assets and new technologies.
Our commercially-minded advisers help clients find practical solutions to stay compliant with data protection and other applicable laws so that they can confidently move forward with their wider business priorities.
Holistic and pragmatic legal advice
Our approach is simple – to empower our clients to take advantage of the opportunities the data economy offers while meeting their compliance requirements.
Our dedicated Data Protection & Privacy team brings decades of expertise and knowledge of a wide range of sectors, including technology & innovation, consumer brands and energy, to ensure every client receives tailored advice.
To ensure that we deliver holistic support, our cross-practice team also draws on specialists from across the firm, including from our Corporate, Commercial, Employment and Regulatory Disputes teams and a number of us are members of the International Association of Privacy Professionals.
We advise on:
- All aspects of data protection and privacy law including the UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
- Data sharing arrangements and agreements with data processors.
- Multi-jurisdictional and domestic data transfers including international data transfers.
- The appropriate collection of consents and other lawful bases for processing of personal data.
- Internal policies and procedures including internal data protection handbooks, data protection impact assessments, legitimate interests assessments and international data transfer assessments.
- Incident management following data breaches and notifications of data breaches to the Information Commissioner’s Office and other regulators as well as management of communications with affected clients and customers.
- Complex Subject Access Requests and their use in relation to litigation and Employment Tribunal proceedings
- Enforcement actions.
- Compensation claims brought by Claims Management companies in relation to breaches of personal data.
- Developing training programmes for clients on data protection and privacy compliance.
- Direct marketing and e-commerce.
- Claims brought in respect of unauthorised cookies.
- The data protection implications of the ad-tech industry and the targeting of online ads to individuals.
- Patient data issues in the health and social care sector.
- The use of personal data in AI and other novel technologies.
- The use of children’s data and online safety.
- The use of surveillance, facial recognition and biometric technologies.
- The Freedom of Information Act 2000 (FOIA) and the Environmental Information Regulations 2004 (EIR), including advising on applicable exemptions in respect of requests made under FOIA and EIR and appeals to the Information Commissioner’s Office.