Data Protection & Cybersecurity
The storage and management of data has become a major issue for all businesses, driven by large-scale changes in the legal and regulatory environment over recent years, especially after the implementation of the General Data Protection Regulation (GDPR). Businesses need an appropriate strategy in place for the governance of data and a programme for ensuring legal and regulatory compliance. At stake is the reputation of the business and potential exposure to significant fines.
Our team of data protection experts have many years' experience of advising businesses and other organisations, including governments and large not-for-profits, on data management, working closely with boards and with legal and operational teams. They bring technical expertise and commercial wisdom born of significant experience of managing these issues, so that the solutions found are not only legally compliant but also commercially appropriate for your organisation.
In respect of data privacy, we advise on:
- developing, managing and advising on data governance programmes, including GDPR issues, policies and privacy notices, vendor due diligence and international transfers of data
- implementation and support around privacy by design in the development and management of technology, systems and business practices including projects involving AI, DLP systems, AdTech, facial recognition, digital health, app development and cloud computing
- marketing issues
- drafting and negotiating complex data, privacy and cybersecurity agreements
- data protection issues in the context of outsourcing, employment and corporate law including M&A transactions
- privacy law, data subject rights, CCTV, children related issues, compliance issues for personal data, employee related data issues
- support in dealing with investigations by data protection regulators
- data subject complaints handling and management of data privacy incidents, including data breaches
Our cybersecurity legal service capability is comprehensive in scope, extending beyond data privacy.
- Before-the-event cyber risk management and advice including vendor due diligence, legal incident management plan drafting, appropriately leveraging legal privilege, tabletop exercises, contracts drafting and negotiations and NIS Regulations and GDPR preparedness
- Incident response including full or part incident support such as dealing with different regulators (such as the FCA, ICO and PRA) and law enforcement, liaising with internal or third-party incident response teams
- Transactions and projects including cybersecurity risk management in M&A corporate transactions, joint ventures and outsourcing arrangements
- listed and unlisted companies
- Governmental organisations
- NGOs and not for profits
Kristy Gouldsmith comments on viability of EU-US data transfer framework in Compliance Week
Enterprise Nation features Kristy Gouldsmith on the new UK/US data bridge