Data Protection & Cybersecurity

The storage and management of data has become a major issue for all businesses, led by large scale changes in the legal and regulatory environment over recent years, especially after the implementation of the General Data Protection Regulation (GDPR). Businesses need an appropriate strategy in place for the governance of data and a programme for ensuring legal and regulatory compliance. At stake is the reputation of the business and potential exposure to significant fines.

Our team of data protection experts have many years’ experience of advising businesses and other organisations including in governments and large not for profits on data management, working closely with the boards, legal and operational teams. They bring technical expertise and commercial wisdom borne of significant experience of managing these issues, so that the right solutions are found that are not only legally compliant but also commercially appropriate for your organisation.

In respect of data privacy, we advise on

  • developing, managing and advising on data governance programmes, including GDPR issues, policies and privacy notices, vendor due diligence and international transfers of data
  • implementation and support around privacy by design in the development and management of technology, systems and business practices including projects involving AI, DLP systems, AdTech, facial recognition, digital health, app development and cloud computing
  • marketing issues
  • drafting and negotiating complex data, privacy and cybersecurity agreements
  • data protection issues in the context of outsourcing, employment and corporate law including M&A transactions
  • privacy law, data subject rights, CCTV, children related issues, compliance issues for personal data, employee related data issues
  • support in dealing with investigations by data protection regulators
  • data subject complaints handling management of data privacy incidents, including data breaches

Our cybersecurity legal service capability is comprehensive in scope, extending beyond data privacy.

  • Before-the-event cyber risk management and advice including vendor due diligence, legal incident management plan drafting, appropriately leveraging legal privilege, tabletop exercises, contracts drafting and negotiations and NIS Regulations and GDPR preparedness
  • Incident response including full or part incident support such as dealing with different regulators (such as the FCA, ICO and PRA) and law enforcement, liaising with internal or 3rd party incident response teams
  • Transactions and projects including cybersecurity risk management in M&A corporate transactions, joint ventures and outsourcing arrangements
  • listed and unlisted companies
  • Governmental organisations
  • NGOs and not for profits
  • individuals



Juliana Barbedo Carvalho

Juliana Barbedo Carvalho

Partner – Telecoms Media & Technology

Andrew Bird

Andrew Bird

Partner – Corporate

Nicholas Blomfield

Nicholas Blomfield

Partner – Finance, asset management, banking, corporate, securities, privacy & data protection

Jowanna  Conboye

Jowanna Conboye

Partner - Intellectual Property; Technology; Commercial

Karl Foster

Karl Foster

Partner - Commercial

Emma Gross

Emma Gross

Partner – Employment, Data Protection

Stefania Lucchetti

Stefania Lucchetti

Partner - Local and Cross Border M&A, Technology Agreements, Commercial Agreements, IP Transactional Work, Data Protection and Cybersecurity

Delia Orabona

Delia Orabona

Partner - EU Regulatory & Trade, Technology, Media and Telecoms, ICT, Gambling and Sport, Automotive, Oil & Gas, Textile and Fashion

Edmund Probert

Edmund Probert

Partner – Commercial Law, IT Contracts & Intellectual Property