Data protection and information

Our experienced team advises clients in relation to all aspects of data protection and information law. Our focus is on providing clear, succinct guidance that cuts through the complex framework of the regulations and goes further than straightforward black letter advice.
  • Profile
  • Experience
  • Key contacts

Our team advises on:

  • Cross-border data transfers - drafting intra-group and external data transfer arrangements and coordinating multi-jurisdictional advice.
  • Marketing – advising on privacy issues around online and other channels of direct marketing and compliance with e-Privacy Regulations (including use of social media for marketing).
  • Mobile payment and other applications – advising on the privacy impacts of developing mobile applications, including issues around the use of geo-location data.
  • BYOD – advising on the privacy implications of “bring your own device” initiatives rolled out to employees of large regulated organisations.
  • Privacy policies – drafting and advising on internal (employee) and external (customer) privacy policies and “fair processing notices”.
  • SARs – advising on subject access requests, including as part of employee grievance processes or litigation.
  • FoIA - advising both public sector clients on handling freedom of information requests and on the implications for private sector clients of contracting with public sector bodies.
  • Governance and control – providing strategic advice on data privacy incident management, information security and record retention.

Members of the team have also spent time on client secondments, including to the privacy teams of Barclays Bank and Standard Chartered Bank.

"The team really know what they're doing. They just become part of our team, which I've truly enjoyed"
Chambers UK 2014

Barclays Bank PLC

We advise on a wide range of privacy issues including time on secondment to its Data Privacy Legal team and advising on digital marketing initiatives.

Multi-national life science company

We advise a multi-national life science company on its intra-group data transfer agreements and registrations.

UK Pharma company

We advise UK Pharma company on DP policies and standard operating procedures.

Standard Chartered Bank

We advise Standard Chartered Bank on EU data protection issues.

The Cloud Networks Limited

We advise The Cloud Networks Limited on data retention regulations.

Corporation Service Company

We advise Corporation Service Company on a global privacy programme.

Large US retailer

We advise a large US retailer on the regulatory issues relating to the launch of an e-commerce website in the UK and changes to the ePrivacy Directive.

Affinion International

We advise Affinion International on data protection considerations relating to card protection products and a scheme of redress.

LOVEFiLM

We advised LOVEFiLM on data protection issues relating to its sale to Amazon.

We are also recognised as a leading law firm in the Legal 500 directories.

Lawyer

Jonathan Kirsop Partner

T:  +44 20 7809 2121
M:  +44 7554 403 022 Email Jonathan | Vcard Office:  London

Lawyer

Tom Platts Partner

T:  +65 6622 9641
M:  +65 8233 3245 Email Tom | Vcard Office:  Jakarta, Singapore, Yangon

Latest news & insights

17 Nov 2017

From Insights

GDPR narrows opportunities to rely on legitimate interests ground

Katie Hewson looks at the changes that the GDPR will make to the legitimate interests ground for processing personal data lawfully and gives practical advice on how or..

More

31 Oct 2017

From Insights

Article 29 Data Protection Working Party GDPR Guidelines on Data Protection Impact Assessments

Article 35 of the General Data Protection Regulation ("GDPR") introduces the concept of a Data Protection Impact Assessment ("DPIA").

More

31 Oct 2017

From Insights

Data Protection update - October 2017

In this issue, we report that the second reading of the Data Protection Bill has taken place in the House of Lords. We highlight that, following the first annual revie..

More

29 Sep 2017

From Insights

Data Protection update - September 2017

In this issue, we report that the long awaited Data Protection Bill has been introduced before the UK Parliament. We consider the ICO's draft guidance on contracts and..

More

07 Sep 2017

From Insights

Employer monitoring of private messages may be a breach of human rights

In a decision handed down on 5 September, the Grand Chamber of the European Court of Human Rights has held that, in monitoring an employee's personal e-mails, his empl..

More

30 Aug 2017

From Insights

Data Protection update - August 2017

In this issue, we report that the UK Government has published its statement of intent on the forthcoming Data Protection Bill and is also seeking an early deal with th..

More

02 Aug 2017

From News

Data Protection update - July 2017

In this issue, we report that the Ministry of Justice has disclosed a judge's handwritten notes in response to a subject access request and outline the European Privac..

More

03 Jul 2017

From Insights

Data Protection update - June 2017

In this issue, we summarise the ICO's revised guidance on Subject Access Requests and the Belgian data authority's recommendations when designating a Data Protection O..

More

31 May 2017

From Insights

Data Protection update - May 2017

Data protection coverage this month includes a report on the global ransomware attack that affected 200,000 victims in 150 countries. We also consider news that the Di..

More

02 May 2017

From Insights

Data Protection update - April 2017

Data protection coverage this month includes reports that the first EU-US Privacy Shield review is due to take place in September 2017. We also report that the EU cons..

More

28 Mar 2017

From Insights

Data Protection update - March 2017

Data protection coverage this month includes: reports that the Italian Data Protection Office has issued the EU's highest ever fines for a data protection breach and N..

More

28 Feb 2017

From Insights

Data Protection update - February 2017

Data protection coverage this month includes: the approval of Google's model contractual clauses by the EU Commission and the entry into force of the EU-US Umbrella Ag..

More

26 Jan 2017

From Insights

Data Protection update - December 2016 / January 2017

Data protection coverage this month includes: the probable effect of a recent ECJ ruling on the so-called Snooper's Charter and the new draft regulation on privacy and..

More

26 Jan 2017

From Insights

Article 29 Data Protection Working Party GDPR Guidelines on Data Protection Officers

Article 37 of the General Data Protection Regulation introduces the mandatory requirement for certain organisations, including data processors and data controllers ali..

More

26 Jan 2017

From Insights

Article 29 Data Protection Working Party GDPR Guidelines for identifying a data controller or processor’s lead supervisory authority

If a data controller or data processor is carrying out cross-border processing of personal data, Article 56 of the General Data Protection Regulation requires one 'lea..

More

26 Jan 2017

From Insights

Article 29 Data Protection Working Party GDPR Guidelines on Data Portability

Article 20 of the General Data Protection Regulation contains two new and interrelated rights for data subjects.

More

print-footer
logo
© Stephenson Harwood LLP 2016. Any reference to Stephenson Harwood in this document means Stephenson Harwood LLP and/or its affiliated undertakings. Any reference to a partner is used to refer to a member of Stephenson Harwood LLP.