Data Protection & Privacy

The fine line: unlocking data value and compliance    

The regulatory landscape relating to personal data and privacy is ever evolving and new technologies present new challenges as well as opportunities.

At Michelmores, our experts work with a wide range of clients across many sectors helping them to keep ahead of developing regulation whilst making the best use of their data assets and new technologies.

Our commercially-minded advisers help clients find practical solutions to stay compliant with data protection and other applicable laws so that they can confidently move forward with their wider business priorities.

Holistic and pragmatic legal advice

Our approach is simple – to empower our clients to take advantage of the opportunities the data economy offers while meeting their compliance requirements.

Our dedicated Data Protection & Privacy team brings decades of expertise and knowledge of a wide range of sectors, including technology & innovation, consumer brands and energy, to ensure every client receives tailored advice.

To ensure that we deliver holistic support, our cross-practice team also draws on specialists from across the firm, including from our Corporate, Commercial, Employment and Regulatory Disputes teams and a number of us are members of the International Association of Privacy Professionals.

We advise on:

  • All aspects of data protection and privacy law including the UK GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
  • Data sharing arrangements and agreements with data processors.
  • Multi-jurisdictional and domestic data transfers including international data transfers.
  • The appropriate collection of consents and other lawful bases for processing of personal data.
  • Internal policies and procedures including internal data protection handbooks, data protection impact assessments, legitimate interests assessments and international data transfer assessments.
  • Incident management following data breaches and notifications of data breaches to the Information Commissioner’s Office and other regulators as well as management of communications with affected clients and customers.
  • Complex Subject Access Requests and their use in relation to litigation and Employment Tribunal proceedings
  • Enforcement actions.
  • Compensation claims brought by Claims Management companies in relation to breaches of personal data.
  • Developing training programmes for clients on data protection and privacy compliance.
  • Direct marketing and e-commerce.
  • Website operators’ obligations in connection with the use of cookies or other tracking devices, privacy policies and cookies policies.
  • Claims brought in respect of unauthorised cookies.
  • The data protection implications of the ad-tech industry and the targeting of online ads to individuals.
  • Patient data issues in the health and social care sector.
  • The use of personal data in AI and other novel technologies.
  • The use of children’s data and online safety.
  • The use of surveillance, facial recognition and biometric technologies.
  • The Freedom of Information Act 2000 (FOIA) and the Environmental Information Regulations 2004 (EIR), including advising on applicable exemptions in respect of requests made under FOIA and EIR and appeals to the Information Commissioner’s Office.

KEY CONTACTS
Anne Todd
Anne Todd
Partner
Emily Aggett
Emily Aggett
Senior Associate
TEAM
Tom Torkar
Tom Torkar
Partner
James Baker
James Baker
Partner
Jayne Clemens
Jayne Clemens
Partner
Mark Howard
Mark Howard
Partner
Rachael Lloyd
Rachael Lloyd
Partner
Philippa Collison
Philippa Collison
Associate
Nathaniel Lane
Nathaniel Lane
Associate
Lorenza Picciano
Lorenza Picciano
Solicitor
Sophie Walker
Sophie Walker
Solicitor
Moya Smith
Moya Smith
Solicitor
Tatiana Menezes
Tatiana Menezes
Solicitor