Why choose our Data and Privacy lawyers?
Our privacy team is a recognised market leader in its field and is highly sought after for its ability to navigate complexity and deliver straightforward, actionable advice.
Many of the world's leading corporations work with us to provide ongoing counsel and advice, as well as support on novel issues, launching new products and entering new markets.
Whether it's working on global privacy projects, GDPR compliance, product and services related issues such as data transfer, data protection impact assessments, processor arrangements or data sharing and policies, our team has the experience and deep legal knowledge to help you navigate the complex and fast-changing compliance landscape.
We also provide clients with cutting-edge tools to help them manage major technology-related issues and risks, including data breaches for which we offer our Fieldfisher Data Breach Manager service.
Our Data and Privacy team aligns itself across three broad practice pillars
We are experts in data governance, accountability and advisory work.
We advise our clients on policies, procedures and practices to ensure their operational processes adhere to the data protection requirements outlined in the UK and EU GDPR. Taking into account regulatory guidance and fines together with any case law, we will provide you with a practical approach via which you can demonstrate your compliance to clients, customers, employees and regulators alike. With our extensive breadth and depth of knowledge across a multitude of sectors, we can offer examples of what is considered the benchmark level of compliance with best practice.
We offer a roadmap for your ongoing compliance journey, including: a selection of packages for data protection officer services; advice on international data transfers (including Standard Contractual Clauses, Transfer Impact Assessments and Binding Corporate Rules); and data record keeping requirements. We explain how best to manage the most difficult data protection issues your organisation faces.
Today, data is integral to every organisation whether it be the collection and sharing of data, its use in activities like analytics, research or profiling, or how and where it is processed. Each of these exercises are underpinned by a commercial contract and/or data protection practice (such as DPIAs or data protection by design and by default). Working with some of the largest and most sophisticated technology companies in the world, our Data and Privacy team handles an enormous volume of work in this area.
This ranges from commercial contracts with customers and vendors through to reviewing new products, sales and marketing advice across all channels (e-mail, text, phone and post) besides profiling and online advertising in the increasingly changing sphere of adtech. We have outstanding experience in helping businesses achieve their commercial and product oriented goals in a way that provides effective protection for individuals’ data.
When suffering a personal data breach, the decision to notify or not is often finally balanced. To determine if an incident merits notification often needs the input of experience to consider the potential consequences of reporting and where to report, which may be across a multitude of jurisdictions. This is a process we are adept to handle and assist you with. Furthermore, organisations sometimes grapple with parallel notification requirements under GDPR, NIS and the ePrivacy Directive and we can support you in navigating the applicable regimes.
In addition, many organisations face increasing challenges through the so-called “weaponisation” of data subject rights, where individuals submit enormously time-consuming and expensive requests easily, and without cost. Our team has significant experience in advising organisations in both preparing for these risks and mitigating against them before or as and when they arise.
Employee data subject access requests can be extremely complex and time and cost intensive. We can advise in relation to conducting appropriate searches and the use of appropriate technology, which, together with a culture of data minimisation, can help make the process more seamless. We have extensive experience in managing regulatory investigations within the UK and more widely: our links with regulators and understanding of their priorities help us advise our clients on the key issues in any investigation.
Notable deals and highlights
- We successfully counselled multiple organisations through the process of multiple binding corporate rules applications - both pre- and post-GDPR, and across multiple different Member States as lead authority.
- Our team advised clients on post-GDPR regulatory investigations across a number of European Member States.
- We managed large volume subject access requests (SARs or DSARs) for clients in the public and private sectors.
- We provided commercial contracting support to a wide range of leading, household brand clients in the run-up to GDPR, ensuring that their customer and vendor contracting templates were GDPR-compliant, and helping to push those contracts out and negotiate them through to completion successfully. This work was completed both within our team and also using our Condor solution for high volumes.
- The team managed a large cyber security incident for a multinational business, which resulted in extensive review of potentially compromised data. We supported the client through its communications to the regulatory, staff and affected data subjects.
- We advised on privacy issues in the Internet of Things (IoT) for multiple clients including connected toys, vehicles and homes.
- Our team provided data protection officer services for clients in the tech, pharma, retail and leisure industries.
- We advised a media business on the compliant collection and monetisation of viewing information.
- We advised various ad tech businesses on their compliance with e-privacy and GDPR consent requirements, and in connection with regulatory enquiries into online advertising practices.
Fieldfisher Data Breach Manager
International Privacy Webinar Series
Get Data Protection Fit, Modular Training Programme
Latest Data and Privacy news and views
Sign up to our email digest