Data Protection Solicitors

Data Protection and Privacy

Regardless of what your business does, we live in a world where data is one of a business's most valuable assets. In an age of tracking devices, an active regulator, published security breaches and individuals' increasing awareness of their legal rights, it is vital that businesses are on top of the regularly evolving data protection, privacy and information security laws. 

Michelmores' award-winning Technology, Media and Communications team has an expert team of Data Protection Solicitors advising on all aspects of privacy, data protection and information management and security. Our specialist advice ranges from drafting all necessary arrangements in a business to ensure that they are compliant with the latest data protection laws to engaging with the Information Commissioner's Office to manage and minimise the effect of non-compliance by a business.

We advise on: 

  • All aspects of data protection and privacy law including the EU's General Data Protection Regulation 2016, the UK data protection regime under the Data Protection Act 2018 and retained EU law, the Privacy and Electronic Communications (EC Directive) Regulations 2003, Freedom of Information Act 2000 and the Environmental Information Regulations 2004.
  • Requests made under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004, advising on applicable exemptions in respect of requests made.
  • Advising in respect of Freedom of Information Act requests including appeals to the Information Commissioner's Office and appeals of decisions of the ICO to the First Tier Tribunal.
  • Data processing agreements and clauses.
  • Multi-jurisdictional and domestic data transfers including transfers of personal and sensitive personal data to countries within and outside of the EEA.
  • Incident management following data breaches and notifications of data breaches to the Information Commissioner as well as management of communications with affected clients and customers.
  • Notifications of data breaches to the Information Commissioner.
  • Enforcement action.
  • The appropriate collection of consents and other lawful bases for processing personal data under data protection and e-privacy legislation.
  • Direct marketing.
  • Advising in respect of complex Subject Access Requests and applicable exemptions under data protection legislation.
  • Internal policies and procedures including internal data protection handbooks, data protection impact assessments and legitimate interests assessments
  • Advising on compensation claims brought by Claims Management companies in relation to breaches of personal data.
  • Website operators' obligations in connection with the use of cookies or other tracking devices (privacy policies and cookies policies)
  • Advising on claims brought in respect of unauthorised cookies.
  • The data protection implications of the ad-tech industry and the targeting of online ads to individuals
  • Advising on patient data issues in the health and social care sector.

Recent experience

  • Advising a multi-national auction house in connection with the marketing consents collected for use as part of an email and print marketing campaign.
  • Drafting all relevant data protection clauses in various agreements, Model Contract Clauses and policies to allow an event organiser to process personal data all over the world.
  • Conducting and managing a cross border review of a major online retailer's privacy policies.
  • Negotiating with the Information Commissioner regarding enforcement action including attending formal meetings with the Information Commissioner regarding the same.
  • Providing bespoke internal training programs for a range of organisations and corporate clients to raise the awareness of ata protection and information security. 
  • Advising a bank established in the UK on how to deal with information requests from US enforcement authorities which would have resulted in transfers of personal data. 
  • Advising a local healthcare provider in relation to their patient data obligations under the various legislation (including the National Health Service Act 2006 and the Health and Social Care Act 2012).    
  • Advising a client operating a gaming platform potentially hosted in the US in connection with the recent Safe Harbor decisions of the European Court.