Data protection and information

Our experienced team advises clients in relation to all aspects of data protection and information law. Our focus is on providing clear, succinct guidance that cuts through the complex framework of the regulations and goes further than straightforward black letter advice.
  • Profile
  • Experience
  • Key contacts

Our team advises on:

  • Cross-border data transfers - drafting intra-group and external data transfer arrangements and coordinating multi-jurisdictional advice.
  • Marketing – advising on privacy issues around online and other channels of direct marketing and compliance with e-Privacy Regulations (including use of social media for marketing).
  • Mobile payment and other applications – advising on the privacy impacts of developing mobile applications, including issues around the use of geo-location data.
  • BYOD – advising on the privacy implications of “bring your own device” initiatives rolled out to employees of large regulated organisations.
  • Privacy policies – drafting and advising on internal (employee) and external (customer) privacy policies and “fair processing notices”.
  • SARs – advising on subject access requests, including as part of employee grievance processes or litigation.
  • FoIA - advising both public sector clients on handling freedom of information requests and on the implications for private sector clients of contracting with public sector bodies.
  • Governance and control – providing strategic advice on data privacy incident management, information security and record retention.

Members of the team have also spent time on client secondments, including to the privacy teams of Barclays Bank and Standard Chartered Bank.

"The team really know what they're doing. They just become part of our team, which I've truly enjoyed"
Chambers UK 2014

Barclays Bank PLC

We advise on a wide range of privacy issues including time on secondment to its Data Privacy Legal team and advising on digital marketing initiatives.

Multi-national life science company

We advise a multi-national life science company on its intra-group data transfer agreements and registrations.

UK Pharma company

We advise UK Pharma company on DP policies and standard operating procedures.

Standard Chartered Bank

We advise Standard Chartered Bank on EU data protection issues.

The Cloud Networks Limited

We advise The Cloud Networks Limited on data retention regulations.

Corporation Service Company

We advise Corporation Service Company on a global privacy programme.

Large US retailer

We advise a large US retailer on the regulatory issues relating to the launch of an e-commerce website in the UK and changes to the ePrivacy Directive.

Affinion International

We advise Affinion International on data protection considerations relating to card protection products and a scheme of redress.

LOVEFiLM

We advised LOVEFiLM on data protection issues relating to its sale to Amazon.

We are also recognised as a leading law firm in the Legal 500 directories.

Lawyer

Jonathan Kirsop Partner

T:  +44 20 7809 2121
M:  +44 7554 403 022 Email Jonathan | Vcard Office:  London

Lawyer

Tom Platts Partner

T:  +65 6622 9641
M:  +65 8233 3245 Email Tom | Vcard Office:  Jakarta, Singapore, Yangon

Latest news & insights

01 Oct 2018

From Insights

Data Protection update - September 2018

Welcome to the August 2018 edition of our Data Protection bulletin, our monthly update on key developments in data protection law.

More

31 Aug 2018

From Insights

Data Protection update - August 2018

Welcome to the August 2018 edition of our Data Protection bulletin, our monthly update on key developments in data protection law.

More

01 Aug 2018

From Insights

Data Protection update - July 2018

Welcome to the July 2018 edition of our Data Protection bulletin, our monthly update on key developments in data protection law.

More

02 Jul 2018

From Insights

Data Protection update - June 2018

Welcome to the June 2018 edition of our Data Protection bulletin, our monthly update on key developments in data protection law.

More

31 May 2018

From Insights

Data Protection update - May 2018

Welcome to the May 2018 edition of our Data Protection bulletin, our monthly update on key developments in data protection law.

More

10 May 2018

From Insights

Are you ready for the GDPR?

The EU General Data Protection Regulation 2016 (GDPR) will come into effect on 25 May 2018. The GDPR aims to protect EU individuals’ data privacy rights and targets or..

More

01 May 2018

From Insights

Data Protection update - April 2018

Welcome to the April 2018 edition of our Data Protection bulletin, our monthly update on key developments in data protection law.

More

01 May 2018

From Insights

Article 29 Data Protection Working Party ("WP29") GDPR Guidelines on Transparency

The WP29 provides guidance on the new obligation of transparency concerning the processing of personal data under the General Data Protection Regulation (the “GDPR”).

More

01 May 2018

From Insights

Article 29 Data Protection Working Party ("WP29") GDPR Guidelines on Consent

The WP29 guidelines provide a thorough analysis of the notion of consent as one of the six legal grounds for processing personal data.

More

09 Apr 2018

From Insights

RGPD – Compte à rebours

Le Règlement Général sur la Protection des Données personnelles ("RGPD") entre en vigueur le 25 mai 2018 et introduit d'importants changements en matière de loi sur la..

More

29 Mar 2018

From Insights

Data Protection update - March 2018

Welcome to the latest edition of our Data Protection update, our review of key developments in Data Protection law covering March 2018.

More

15 Mar 2018

From Insights

Data protection in the United Kingdom: the GDPR countdown

The European General Data Protection Regulation (GDPR) comes in to force on 25 May 2018 and heralds a step change in data protection law throughout the European Union...

More

01 Mar 2018

From Insights

Data Protection update - February 2018

Welcome to the latest edition of our Data Protection update, our review of key developments in Data Protection law covering February 2018.

More

01 Mar 2018

From Insights

Article 29 Data Protection Working Party GDPR Guidelines on Breach Notification

Article 33 General Data Protection Regulation introduces the requirement for a personal data breach to be notified to the competent national supervisory authority (e.g..

More

05 Feb 2018

From News

Stephenson Harwood employment and data protection teams recognised as 'Specialists in DIFC Data Protection Law'

Law firm Stephenson Harwood has been recognised by the Dubai International Financial Centre (DIFC) Academy of Law as 'Specialists in DIFC Data Protection Law'.

More

31 Jan 2018

From Insights

Data Protection update - January 2018

Happy New Year and welcome to the latest edition of our Data Protection update, our review of key developments in Data Protection law covering December 2017 and Januar..

More

print-footer
logo
© Stephenson Harwood LLP 2016. Any reference to Stephenson Harwood in this document means Stephenson Harwood LLP and/or its affiliated undertakings. Any reference to a partner is used to refer to a member of Stephenson Harwood LLP.