Michelmores Michelmores
Michelmores Michelmores
Data protection Data protection
Home > Business > Data Protection & Privacy

They are pragmatic, commercial and responsive and we get a lot of engagement with the partners.

CHAMBERS UK 2026

We work closely with the Michelmores commercial team, they are responsive, commercial, and pragmatic. We get a lot of partner engagement, and they deliver timely, high-quality work. The team has strong gender diversity and is excellent at building good rapport with business teams.

Legal 500 2026

The uniqueness of Michelmores is its connectedness. Through its many sector teams, networks, and initiatives that it is part of or leads, it has been able to stay current and relevant across all areas. This adds value to our interactions with them, as it amplifies their solutions.

Legal 500 2026

The individuals that work with at Michelmores have an impressive understanding of our industry. That leading edge expertise is key to us, as we rely on their knowledge to deliver our own value to our clients.

LEGAL 500 2026

The team covers a wide range of fields, from corporate advice to contracts. They have a practical approach to working through negotiations alongside clients and able to take a commercial view when necessary

Legal 500 2026

The team have a pragmatic, commercial approach and have lots of experience in geospatial data licensing. Overall, they are timely and responsive, giving clear guidance and flagging areas of concern.

Legal 500 2025

Great experience and insight which includes detailed knowledge of public procurement which was a significant advantage from our perspective.

Legal 500 2025

The fine line: unlocking data value and compliance

The regulatory landscape relating to personal data and privacy is ever evolving and new technologies present new challenges as well as opportunities.

At Michelmores, our experts work with a wide range of clients across many sectors helping them to keep ahead of developing regulation whilst making the best use of their data assets and new technologies.

Our commercially-minded advisers help clients find practical solutions to stay compliant with data protection and other applicable laws so that they can confidently move forward with their wider business priorities.

Our approach is simple – to empower our clients to take advantage of the opportunities the data economy offers while meeting their compliance requirements.

Our dedicated Data Protection & Privacy team brings decades of expertise and knowledge of a wide range of sectors, including technology & innovation, consumer brands and energy, to ensure every client receives tailored advice.

To ensure that we deliver holistic support, our cross-practice team also draws on specialists from across the firm, including from our Corporate, Commercial, Employment and Regulatory Disputes teams and a number of us are members of the International Association of Privacy Professionals.

We are experienced in the application of AI and technology solutions to assist with document review for Data Subject Access Requests and part of our offering to clients is a creative, fixed fee solution to help them handle DSARs from customers and employees in an efficient and commercial way.

DSARs Creative Solutions
Data Protection Training and Support

We advise on:

  • All aspects of data protection and privacy law including the UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
  • Data sharing arrangements and agreements with data processors.
  • Multi-jurisdictional and domestic data transfers including international data transfers.
  • The appropriate collection of consents and other lawful bases for processing of personal data.
  • Internal policies and procedures including internal data protection handbooks, data protection impact assessments, legitimate interests assessments and international data transfer assessments.
  • Incident management following data breaches and notifications of data breaches to the Information Commissioner’s Office and other regulators as well as management of communications with affected clients and customers.
  • Complex Subject Access Requests and their use in relation to litigation and Employment Tribunal proceedings including via the use of our creative, fixed fee solution implementing AI technology for comprehensive DSAR management.
  • Enforcement actions.
  • Compensation claims brought by Claims Management companies in relation to breaches of personal data.
  • Developing training programmes for clients on data protection and privacy compliance.
  • Direct marketing and e-commerce.
  • Website operators’ obligations in connection with the use of cookies or other tracking devices, privacy policies and cookies policies.
  • Claims brought in respect of unauthorised cookies.
  • The data protection implications of the ad-tech industry and the targeting of online ads to individuals.
  • Patient data issues in the health and social care sector.
  • The use of personal data in AI and other novel technologies.
  • The use of children’s data and online safety.
  • The use of surveillance, facial recognition and biometric technologies.
  • The Freedom of Information Act 2000 (FOIA) and the Environmental Information Regulations 2004 (EIR), including advising on applicable exemptions in respect of requests made under FOIA and EIR and appeals to the Information Commissioner’s Office.

Areas of focus

Commercial
Commercial & Regulatory Disputes
Competition, Regulatory Compliance & Investigations
Cyber Security
Defamation & Reputation Management for Individuals
Employment
Technology & Innovation

Related areas

Antitrust & Regulatory
Betting & Gaming
Consumer Brands
Corporate
Employment
FinTech
Intellectual Property
Personal Disputes
Social Media

Data Protection & Privacy news

View more
Teenage girl at home looking at social media on her cell phone while lying on the couch
Insight
Data protection regulator tightens the net on age assurance
Person using AI chatbot
Insight
Does using AI waive legal privilege?
ICO guidance explained: the new data protection complaints regime from June 2026
Insight
ICO guidance explained: the new data protection complaints regime from June 2026
businesswoman using smart phone ,Social, media
Insight
Reddit fined £14.47m for child data breaches: a wake‑up call for online platforms
Series: AI in Employment Law – AI and the Employment Life Cycle: Attracting, recruiting and onboarding talent
Insight
Series: AI in Employment Law - AI and the Employment Life Cycle: Attracting, recruiting and onboarding talent
Young well dressed businesswoman working at the office
Insight
The Data (Use and Access) Act is now in force: unlocking value in data
Women works on computer looking at data
Insight
Dealing with sensitive personal data
A Wake-Up Call: Lessons from the M&S, Harrods and Co-op cyber attacks
Insight
A Wake-Up Call: Lessons from the M&S, Harrods and Co-op cyber attacks
Data Center Programmer Using Digital Laptop Computer
Insight
Changes to data protection law introduced by the Data (Use and Access) Bill
Two technology professionals work diligently in a bright office setting, one focusing on a laptop while the other engages with a large monitor
Insight
Data protection: 10 key points for early-stage and scale-up businesses

Key Contacts

View all people
Anne Todd
Anne Todd
Partner
Emily Aggett
Emily Aggett
Managing Associate

Team

Chloe Vernon-Shore
Chloe Vernon-Shore
Partner
Tom Torkar
Tom Torkar
Partner
James Baker
James Baker
Partner
Jayne Clemens
Jayne Clemens
Partner
Rachael Lloyd
Rachael Lloyd
Partner
Philippa Collison
Philippa Collison
Managing Associate
Nathaniel Lane
Nathaniel Lane
Senior Associate
Philip Mole
Philip Mole
Senior Associate
Lorenza Picciano
Lorenza Picciano
Associate
Moya Smith
Moya Smith
Associate
Tatiana Menezes
Tatiana Menezes
Associate
How can we direct you?
I would like advice I know who to contact I'd like office information Something else