Data Protection & Privacy Legal Services

Data Protection and Privacy

Regardless of what your business does, we live in a world where data is one of a business's most valuable assets.  In an age of tracking devices, an active regulator, published security breaches and individuals' increasing awareness of their legal rights, it is vital that businesses are on top of the regularly evolving data protection, privacy and information security laws.  

Michelmores' award-winning Technology, Media and Communications team has an expert team of lawyers advising on all aspects of privacy, data protection and information management and security.  Our specialist advice ranges from drafting all necessary arrangements in a business to ensure that they are compliant with the latest data protection laws to engaging with the Information Commissioner's Office to manage and minimise the effect of non-compliance by a business.

We advise on: 

  • All aspects of data protection and privacy law including the Data Protection Act 1998, the General Data Protection Regulation 2016, the Privacy and Electronic Communications  (EC Directive) Regulations 2003, Freedom of Information Act 2000 and the Environmental Information Regulations 2004.
  • Data processing agreements and clauses.
  • Multi-jurisdictional and domestic data transfers including transfers of personal and sensitive personal data to countries within and outside of the EEA.
  • Privacy Shield.
  • The appropriate collection of consents under the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
  • Website operators' obligations in connection with the use of cookies or other tracking devices (privacy and cookies policies).
  • Advising on patient data issues in the health and social care sector.
  • Notifications of data breaches to the Information Commissioner.
  • Enforcement action.

Recent experience

  • Advising a multi-national auction house in connection with the marketing consents collected for use as part of an email and print marketing campaign.
  • Drafting all relevant data protection clauses in various agreements, Model Contract Clauses and policies to allow an event organiser to process personal data all over the world.
  • Conducting and managing a cross border review of a major online retailer's privacy policies.
  • Negotiating with the Information Commissioner regarding enforcement action including attending formal meetings with the Information Commissioner regarding the same.
  • Providing bespoke internal training programs for a range of organisations and corporate clients to raise the awareness of ata protection and information security. 
  • Advising a bank established in the UK on how to deal with information requests from US enforcement authorities which would have resulted in transfers of personal data. 
  • Advising a local healthcare provider in relation to their patient data obligations under the various legislation (including the National Health Service Act 2006 and the Health and Social Care Act 2012).    
  • Advising a client operating a gaming platform potentially hosted in the US in connection with the recent Safe Harbor decisions of the European Court.