Data Protection and Privacy
Regardless of what your business does, we live in a world where data is one of a business's most valuable assets. In an age of tracking devices, an active regulator, published security breaches and individuals' increasing awareness of their legal rights, it is vital that businesses are on top of the regularly evolving data protection, privacy and information security laws.
Michelmores' award-winning Technology, Media and Communications team includes expert Data Protection Solicitors who advise on all aspects of privacy, data protection and information management and security. Our specialist advice ranges from drafting all necessary arrangements in a business to ensure that it is compliant with the latest data protection laws to engaging with the Information Commissioner's Office to manage and minimise the effect of non-compliance by a business.
We advise on:
- All aspects of data protection and privacy law including the EU's General Data Protection Regulation 2016, the UK data protection regime under the Data Protection Act 2018 and retained EU law, the Privacy and Electronic Communications (EC Directive) Regulations 2003, Freedom of Information Act 2000 and the Environmental Information Regulations 2004.
- Requests made under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004, advising on applicable exemptions in respect of requests made.
- Advising in respect of Freedom of Information Act requests including appeals to the Information Commissioner's Office and appeals of decisions of the ICO to the First Tier Tribunal.
- Data processing agreements and clauses.
- Multi-jurisdictional and domestic data transfers including transfers of personal and sensitive personal data to countries within and outside of the EEA.
- Incident management following data breaches and notifications of data breaches to the Information Commissioner as well as management of communications with affected clients and customers.
- Notifications of data breaches to the Information Commissioner.
- Enforcement action.
- The appropriate collection of consents and other lawful bases for processing personal data under data protection and e-privacy legislation.
- Direct marketing.
- Advising in respect of complex Subject Access Requests and applicable exemptions under data protection legislation.
- Internal policies and procedures including internal data protection handbooks, data protection impact assessments and legitimate interests assessments.
- Advising on compensation claims brought by Claims Management companies in relation to breaches of personal data.
- Advising on claims brought in respect of unauthorised cookies.
- The data protection implications of the ad-tech industry and the targeting of online ads to individuals.
- Advising on patient data issues in the health and social care sector.
- The implications of a "no-deal" Brexit on the cross-border transfer of personal data
- The legacy of Schrems II
- Handling EU data subjects' personal data post-Brexit
- January 2020 update - Firms should consider the implications of Brexit for the cross-border transfer of personal data
- ICO to fine Marriott International £99,200,396 for Cyberattack
- ICO to fine British Airways £183.39 million for Cyberattack
- EU Commission urged to suspend the EU-US Privacy Shield
- Heathrow Airport and Bupa fines re-iterate need for basic data protection measures
- Britain must continue to protect personal data obtained prior to Brexit or delete them
- UK solicitors ordered to disclose details of confidential decision making
- ICO issues second £400,000 fine in less than a year
- The European Commission's proposed e-Privacy Regulation
- Impact of Brexit on Data Protection Law
- EU-U.S. "Privacy Shield" announced
- Upcoming changes to Data Protection Law
- Meeting the 7th Data Protection Principle
- fine for direct marketing campaign
- Wearable Technology - Bringing Data to Life
- Enforced subject access requests
- Advising a multi-national auction house in connection with the marketing consents collected for use as part of an email and print marketing campaign.
- Drafting all relevant data protection clauses in various agreements, Model Contract Clauses and policies to allow an event organiser to process personal data all over the world.
- Conducting and managing a cross border review of a major online retailer's privacy policies.
- Negotiating with the Information Commissioner regarding enforcement action including attending formal meetings with the Information Commissioner regarding the same.
- Providing bespoke internal training programs for a range of organisations and corporate clients to raise the awareness of data protection and information security.
- Advising a bank established in the UK on how to deal with information requests from US enforcement authorities which would have resulted in transfers of personal data.
- Advising a local healthcare provider in relation to their patient data obligations under the various legislation (including the National Health Service Act 2006 and the Health and Social Care Act 2012).
- Advising a client operating a gaming platform potentially hosted in the US in connection with the recent Safe Harbor decisions of the European Court.