Our experienced team of data protection specialists can assist with:
- GDPR and data protection law compliance – advising on all aspects of data protection law, including updating contracts and policies for DP law compliance.
- Cyber security and data breaches – providing strategic advice in relation to data privacy incident management and information security.
- Data subject rights and freedom of information - responding to data subject access requests and complaints, including as part of employee grievance processes or litigation and drafting procedures, as well as advising on handling freedom of information requests.
- Direct marketing and cookies – including advising on online/electronic direct marketing, social media and cookies.
- Cross-border data transfers - drafting and advising on intra-group and external data transfer arrangements and safeguards.
- Technology and data protection – including advising on privacy issues arising from technologies, including geo-location of mobile payment and apps and on privacy implications of smart devices, employee monitoring, bring your own device and AI.
"The ‘incredibly responsive, personable and efficient’ Stephenson Harwood handles the full gamut of data protection and information law issues."
The Legal 500 UK 2022
International bank
Advised an international bank on its GDPR compliance programme, providing a full suite of services from close involvement in the bank's data mapping exercise, providing a gap analysis on its compliance and producing sets of policies, contracts and procedures to fill the gaps identified to help the client work towards becoming GDPR-compliant.
Listed financial services provider
Advised in relation to a data breach of a payment platform operated by the client, where hackers had gained unauthorised access to the personal data of customers of over 5,000 merchants. This included advising on all aspects of incident response and potential disputes with third parties.
Professional services firm
Advised a professional services firm in relation to various DSAR compliance requirements and data subject requests in its contractual arrangements and standard terms.
DIFC data protection law 2020
Advised the Dubai branch of an international bank, and several other DIFC based/incorporated companies, on compliance with the DIFC data protection law 2020, including advice on filing requirements, processes, content of privacy policies, the appointment of a data protection officer and employment contract updates.
Financial institution
Advised a financial institution in Hong Kong on a data breach incident allegedly caused by the negligence of a third party service provider.
Online beauty retailer
Advised one of Europe's largest online beauty retailers on their GDPR compliance project including their direct marketing activities.
Analytics company
Advised an international analytics company on its response to the Schrems II case, including its intra-group transfers and transfer of client data to the US.
Australian company
Advised on its complex onward transfer issues of EU personal data from the company in Australia to other jurisdictions and the impact of the Schrems II judgment.
Leading property developer
Advised on updates required to its UAE privacy policy to allow for potential transfers of consumer data between several Middle East jurisdictions, India and the UK.
Leading pharma company
Provided data privacy advice and drafted terms for healthcare apps for a leading pharma company including considering related information security and data privacy points.
Luxury goods and retail brands
Advised a luxury goods brand and a retail brand on its use of adtech, cookies and tracking pixels.