Cyber Security
Data Protection
GDPR - General Data
Protection Regulation
Global Data Strategies
Reputation, Operations
and Commercial 
Risk Management
Bespoke Digital
Technology Advice
December 1, 2016


Examples of How we can Assist You

Our team is at the cutting edge of data protection and privacy law and specific experience includes:

Data Protection

  • Advising on data protection notices, telescripts, privacy policies, “bring your own device” policies, staff monitoring and privacy aspects compliance manuals
  • Advising on terms in Staff Handbooks and Employment Contracts
  • Assisting with all aspects of Subject Access Requests (such as drafting responses, applying exemptions, conducting appropriate searches for information, liaising with the Information Commissioner etc).
  • Advising on enterprise wide compliance audits and implementation, reporting at Board Level
  • Undertaking Privacy Impact Assessments
  • Advising on data breaches for regulated and non-regulated organisations
  • Advising on Data Monetisation and Data Utilisation strategies relating to the use of big data, joint ventures, social media, profiling, data licences, debt portfolios, customer profiling, data aggregation, legacy data and database consolidation.
  • Advising on social media strategies (including takedown procedures, user profiling, marketing, promotions, celebrity endorsement, commercialisation of data), drafting social media use hand books and policies.
  • Advising on the creation of consolidated databases to create a “single customer view” under which all CRM data can be merged to reflect varying customer preferences and consents.
  • Data Protection Due diligence in the context of company acquisitions and data licenses
  • IT Outsourcing for various FTSE 100 clients (privacy, ISO 2700, PCI) – Advising on SAP, Adobe, Oracle and IBM standard contracts, re-negotiating terms of business with such providers, putting in place terms with sub-contractors, provisions for the overseas transfer of data etc.
  • Advising credit hire, mortgage providers, insurance intermediaries and brokers on lawful data processing practices and building systems/customer journeys which can meet the demands of GDPR compliance.
  • Advising on broker and franchise arrangements, with experience in the car finance sector with regards to lawful data capture and marketing consents (as well as restricting brokers use of data through contractual privacy and confidentiality provisions).


  • Advising on opt-ins and opt-outs and multi-channel marketing as well as the commercial use of such data
  • Drafting legally complaint marketing consents and user consent for hard copy literature, websites and apps
  • Advising on the lawful sale and acquisition of marketing data

General Data Protection Regulation

The GDPR will create a wide range of new governance obligations for organisations which they must comply with by law. Failure to do so will mean a breach of the GDPR and may expose the organisation in question to fines and enforcement notices, as well as the negative publicity and loss of goodwill associates with non-compliance. We have experience advising on a host of GDPR related projects including:

  • Implementing GDPR compliance and project planning compliance roll-outs for a range of FTSE 100 companies in the banking, retail, transport and insurance sectors.
  • Conducing GDPR benchmarking audits and privacy impact assessments
  • Defining GDPR compliance project management roadmaps
  • Revising drafting of Use of Information Statements, Fair Processing Notices, Consents and Privacy policies for GDPR compliance
  • Drafting and negotiating GDPR complaint outsourcing agreements (for both the customer and service provider)
  • Negotiating GDPR costs and liability caps in commercial contracts
  • GDPR Training
  • Virtual Data Protection Officer Services

Cyber Security and Pen Testing

  • Penetration Testing: CHECK, CREST and Tiger accredited security testing
  • Social Engineering “hacks” to test your staff’s compliance with your security protocols
  • Interactive Security Training designed to get your staff thinking about security in their day to day jobs
  • Simulated Target Attack & Response (STAR)
  • CREST Cyber Essentials Testing: For organisations wishing to implement CREST’s Cyber Essentials security controls
  • Operational and Technical Support with implementing the demands of the General Data Protection Regulation Compliance from a security perspective

Information Law

We also have a wealth of expertise with regards to information rights available to the public under the Environmental Information Regulations 2004 and the Freedom for Information Act 2000 and are able to offer advice and training in relation to the following examples:

  • identifying when information is “held” for the purposes of FOIA
  • conducting appropriate searches for information
  • assisting with the application of exemptions
  • drafting FOIA and/or EIR policies
  • Drafting Costs policies
  • Assistance with implementing proactive publications schemes
  • Appropriately labeling documents for the purposes of applying exemptions available under the EIRs such as:
    • Draft documents
    • Privileged Documents
    • Commercially Sensitive Documents
  • Negotiating FOIA and/or EIR clauses in commercial agreements with private sector third parties
  • Advising on how to deal with information which may be held that relates to privately owned organisations, as well as complying with any associated confidentiality obligations
  • Drafting appropriate FOIA/EIR and Confidentiality obligations when contracting with the private sector

If you would like to contact us about our services or there is a matter which you require assistance with which is not covered on this page you can get in touch with our team via our Contact Us page.