Our data protection and privacy specialists are recognised for their expertise in helping at all stages of the data cycle. We have particular strength in the retail, consumer finance and technology sectors, we provide a range of market-leading solutions, designed to fit needs and budgets.
Our depth of knowledge and distinctively approachable style of working sets us apart. Whether conducting compliance gap analysis or training, advising on how companies need to change their practices to meet the requirements of the law, devising strategies for increasing the commercial value of data, providing advice across HR related issues, dealing with complex international data flows and implementing privacy enhancing techniques with the organisation, we are committed to providing an excellent, solutions-based approach, grounded in innovation.The new General Data Protection Regulation (GDPR) is now in place. View our hub for essential advice from our data protection experts and make sure your business is compliant with the new regime. Visit our GDPR hub to find out more >
Many organisations that process personal data struggle with the concepts of pseudonymisation and anonymisation. In this article we will explain what the differences between the two concepts are and why it is important to make this distinction.
The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website, according to the recent judgment of the Court of Justice of the European Union (CJEU).
A consideration of the data protection implications of a no-deal Brexit on UK companies.
Following the Irish Supreme Court's rejection of Facebook's appeal to withdraw the Irish High Court's referral to the European Court of Justice (ECJ), the Schrems II case has now been heard by the ECJ.
On 9 May 2019 the UK Information Commissioner's Office (ICO) issued an enforcement notice against HM Revenue & Customs (HMRC), requiring it to delete personal data that was unlawfully obtained and processed in relation to HMRC's Voice ID service.
Your organisation must have and record a lawful processing ground for processing personal data.
Organisations have a clear legal obligation to inform individuals about the collection and use of their personal data and most commonly do so via a written 'privacy notice.' However, many privacy notices (even those updated for GDPR) still fall foul of the law in a few common areas.
Does your organisation transfer personal data outside of the European Economic Area (EEA) by using the Model Clauses?