Data Protection and Privacy
Regardless of what your business does, we live in a world where data is one of a business's most valuable assets. In an age of tracking devices, an active regulator, published security breaches and individuals' increasing awareness of their legal rights, it is vital that businesses are on top of the regularly evolving data protection, privacy and information security laws.
Michelmores' award-winning Technology, Media and Communications team has an expert team of Data Protection Solicitors advising on all aspects of privacy, data protection and information management and security. Our specialist advice ranges from drafting all necessary arrangements in a business to ensure that they are compliant with the latest data protection laws to engaging with the Information Commissioner's Office to manage and minimise the effect of non-compliance by a business.
We advise on:
- All aspects of data protection and privacy law including the EU's General Data Protection Regulation 2016, the UK data protection regime under the Data Protection Act 2018 and retained EU law, the Privacy and Electronic Communications (EC Directive) Regulations 2003, Freedom of Information Act 2000 and the Environmental Information Regulations 2004.
- Data processing agreements and clauses.
- Multi-jurisdictional and domestic data transfers including transfers of personal and sensitive personal data to countries within and outside of the EEA.
- Notifications of data breaches to the Information Commissioner.
- Enforcement action.
- The appropriate collection of consents data protection and e-privacy legislation.
- Direct marketing.
- Internal policies and procedures including internal data protection handbooks, data protection impact assessments and legitimate interests assessments
- The data protection implications of the ad-tech industry and the targeting of online ads to individuals
- Advising on patient data issues in the health and social care sector.
- ICO Prosecution of Employee for Improper Use of Personal Data
- The implications of a "no-deal" Brexit on the cross-border transfer of personal data
- The legacy of Schrems II
- Handling EU data subjects' personal data post-Brexit
- GDPR requirement for an EU representative
- Firms should consider implications of Brexit for the cross-border transfer of personal data
- ICO to fine Marriott International £99,200,396 for Cyberattack
- ICO to fine British Airways £183.39 million for Cyberattack
- Fake news or libel?
- EU Commission urged to suspend the EU-US Privacy Shield
- Network and Information Systems Regulations 2018: What you need to know
- Heathrow Airport and Bupa fines re-iterate need for basic data protection measures
- Employers can be held vicariously liable for data breaches of their employees
- Britain must continue to protect personal data obtained prior to Brexit or delete them
- UK solicitors ordered to disclose details of confidential decision making
- ICO issues second £400,000 fine in less than a year
- Ten steps to prepare your business for GDPR changes
- GDPR: What does it mean for you?
- The European Commission's proposed e-Privacy Regulation
- Impact of Brexit on Data Protection Law
- ICO changes to its direct marketing guidance
- EU-U.S. "Privacy Shield" announced
- Upcoming changes to Data Protection Law
- Meeting the 7th Data Protection Principle
- fine for direct marketing campaign
- Wearable Technology - Bringing Data to Life
- Enforced subject access requests
- Advising a multi-national auction house in connection with the marketing consents collected for use as part of an email and print marketing campaign.
- Drafting all relevant data protection clauses in various agreements, Model Contract Clauses and policies to allow an event organiser to process personal data all over the world.
- Conducting and managing a cross border review of a major online retailer's privacy policies.
- Negotiating with the Information Commissioner regarding enforcement action including attending formal meetings with the Information Commissioner regarding the same.
- Providing bespoke internal training programs for a range of organisations and corporate clients to raise the awareness of ata protection and information security.
- Advising a bank established in the UK on how to deal with information requests from US enforcement authorities which would have resulted in transfers of personal data.
- Advising a local healthcare provider in relation to their patient data obligations under the various legislation (including the National Health Service Act 2006 and the Health and Social Care Act 2012).
- Advising a client operating a gaming platform potentially hosted in the US in connection with the recent Safe Harbor decisions of the European Court.