Data Protection and Privacy

We have a broad range of experience in advising clients from different sectors on all aspects of data protection, privacy and compliance.

We take a pragmatic and commercial approach to data protection compliance and privacy. Our 'hub and spoke' advisory model means we train and support data protection specialists in all our practice areas, including insurance, dispute resolution, financial regulation, technology, employment and strategic sourcing, to name a few.

We have a wealth of experience in advising on all aspects of data protection and privacy, from data processing arrangements to the design and implementation of complex multi-jurisdictional data strategies on both contentious and non-contentious matters. This regularly involves taking account of data protection and privacy rules on a global basis, including the EU General Data Protection Regulation and national implementing laws.

Our expertise includes advising on:

  • complex global compliance strategies
  • international transfers of personal data
  • data protection issues in the context of global investigations
  • issues raised by technologies such as the cloud, Internet of Things, Big Data, AI and emerging tech
  • security breaches and complaints
  • issues relating to litigation, including customer and employee subject access requests linked to a dispute
  • appointment of data processors, including as part of complex strategic sourcing arrangements
  • drafting data protection policies and advising on e-privacy and cookie related issues
  • freedom of information legislation

Partner Contacts

With Slaughter and May you get their excellent standards and the all-encompassing gold-plated client service Chambers UK, 2015

View all Corporate and Commercial media comments

Our key experience includes advising:

a major UK payment systems company on data protection implications of a significant innovative data sharing project involving the use of big data/data analytics.

one of the UK’s largest life and general insurers in relation to the establishment, authorisation, and operational processes of a regulated subsidiary dedicated to all of the business’ digital marketing and distribution operations. This included advice on the regulatory requirements applying to all forms of communication through digital channels, the lifecycle of digitised contractual processes, as well as the production of relevant data sharing and protection policies and procedures.

a number of financial institutions in the context of investigations by foreign regulators (e.g. on the data protection and privacy aspects of the global financial regulatory investigations into the setting of interbank offered benchmark rates including in relation to subject access requests by employees).

a client on a novel identity assurance scheme. Our work involved, among other things, an in-depth analysis of the data protection requirements applicable to complex data sharing arrangements across a number of datasets, data bases and participants.

an education sector provider on a cyber security breach, with our work involving analysis of the laws around data protection, computer misuse and theft as well as advice on privilege and notification to regulators and relevant law enforcement agencies.

a US provider of sales and marketing data on the risks, impact and challenges of the UK data protection regime and privacy and electronic communications laws in relation to proposed sales to UK customers.

providers of life and general insurance on novel sets of data processing agreements to be implemented throughout their respective global groups – in one case, this involved co-ordinating legal advice from over 40 jurisdictions and creating a compliance strategy for the global group.

a number of global financial institutions on the data protection aspects of compliance with certain US regulatory requirements and requests.

the UK Government on various data protection issues, including those arising out of the banking reform and other data-related projects.