Data protection and information

Our experienced team advises clients in relation to all aspects of data protection and information law. Our focus is on providing clear, succinct guidance that cuts through the complex framework of the regulations and goes further than straightforward black letter advice.
  • Profile
  • Experience
  • Key contacts

Our team advises on:

  • Cross-border data transfers - drafting intra-group and external data transfer arrangements and coordinating multi-jurisdictional advice.
  • Marketing – advising on privacy issues around online and other channels of direct marketing and compliance with e-Privacy Regulations (including use of social media for marketing).
  • Mobile payment and other applications – advising on the privacy impacts of developing mobile applications, including issues around the use of geo-location data.
  • BYOD – advising on the privacy implications of “bring your own device” initiatives rolled out to employees of large regulated organisations.
  • Privacy policies – drafting and advising on internal (employee) and external (customer) privacy policies and “fair processing notices”.
  • SARs – advising on subject access requests, including as part of employee grievance processes or litigation.
  • FoIA - advising both public sector clients on handling freedom of information requests and on the implications for private sector clients of contracting with public sector bodies.
  • Governance and control – providing strategic advice on data privacy incident management, information security and record retention.

Members of the team have also spent time on client secondments, including to the privacy teams of Barclays Bank and Standard Chartered Bank.

"The team really know what they're doing. They just become part of our team, which I've truly enjoyed"
Chambers UK 2014

Barclays Bank PLC

We advise on a wide range of privacy issues including time on secondment to its Data Privacy Legal team and advising on digital marketing initiatives.

Multi-national life science company

We advise a multi-national life science company on its intra-group data transfer agreements and registrations.

UK Pharma company

We advise UK Pharma company on DP policies and standard operating procedures.

Standard Chartered Bank

We advise Standard Chartered Bank on EU data protection issues.

The Cloud Networks Limited

We advise The Cloud Networks Limited on data retention regulations.

Corporation Service Company

We advise Corporation Service Company on a global privacy programme.

Large US retailer

We advise a large US retailer on the regulatory issues relating to the launch of an e-commerce website in the UK and changes to the ePrivacy Directive.

Affinion International

We advise Affinion International on data protection considerations relating to card protection products and a scheme of redress.

LOVEFiLM

We advised LOVEFiLM on data protection issues relating to its sale to Amazon.

We are also recognised as a leading law firm in the Legal 500 directories.

Lawyer

Naomi Leach Partner

T:  +44 20 7809 2960
M:  +44 7769 143 367 Email Naomi | Vcard Office:  London

Lawyer

Tom Platts Partner

T:  +65 6622 9641
M:  +65 8233 3245 +95 94 2651 1218 Email Tom | Vcard Office:  Jakarta, Singapore, Yangon

Lawyer

Ben Sigler Partner

T:  +44 20 7809 2919
M:  +44 7584 237 401 Email Ben | Vcard Office:  London

Latest news & insights

06 Apr 2021

From Insights

Data Protection update - March 2021

Welcome to our Data Protection bulletin, covering the key developments in data protection law from March 2021.

More

04 Mar 2021

From Insights

Amendments to Personal Data Protection Act

On 1 February 2021, certain key amendments to the Personal Data Protection Act 2012 ("PDPA"), as well as accompanying subsidiary regulations, came into force.

More

02 Mar 2021

From Insights

Data Protection update - February 2021

Welcome to our Data Protection bulletin, covering the key developments in data protection law from February 2021.

More

03 Feb 2021

From Insights

Data Protection update - January 2021

Welcome to our Data Protection bulletin, covering the key developments in data protection law from December 2020 and January 2021.

More

07 Jan 2021

From Insights

Data protection and 5MLD

The Fifth Money Laundering Directive (5MLD) came into force on 10 January 2020 and imposes on art market participants a new obligation to carry out a range of due dili..

More

29 Dec 2020

From Insights

Brexit trade deal: what does it mean for data protection law?

The UK and the EU have – finally – agreed a Brexit trade deal, the draft EU-UK Trade and Cooperation Agreement [KH1] ("Agreement").

More

18 Dec 2020

From Insights

Appropriate technical and organisational measures: key takeaways from the recent ICO BA, Marriott and Ticketmaster penalty notices

The ICO has recently issued three high profile MPNs in relation to breaches of Articles 5(1)(f) and 32 GDPR.

More

15 Dec 2020

From Insights

An analysis of the Monetary Penalty Notice issued by the Information Commissioner’s Office to Ticketmaster UK Limited dated 13 November 2020

On 13 November 2020, the ICO issued Ticketmaster with a MPN, fining the ticket sales and distribution company £1.25 million for breaches of Articles 5(1)(f) and 32 GDP..

More

03 Dec 2020

From Insights

Data Protection update - November 2020

Welcome to our data protection bulletin, covering the key developments in data protection law from November 2020.

More

02 Dec 2020

From Insights

International personal data transfers: EDPB guidance and new Standard Contractual Clauses

Download our go-to-guides to help you navigate this new information and help prepare your business for post-Brexit and post-Schrems II data transfers.

More

23 Nov 2020

From Insights

Make the invisible visible: five key takeaways from the Experian enforcement action

As we reported in our October data protection bulletin, the ICO recently issued Experian with a Notice in relation to the processing of personal data for direct market..

More

20 Nov 2020

From Insights

An analysis of the Monetary Penalty Notice issued by the Information Commissioner’s Office to Marriott International, Inc. dated 30 October 2020

On 30 October 2020, the Information Commissioner’s Office (the “ICO”), acting as Lead Supervisory Authority for the purposes of Article 56 of the General Data Protecti..

More

10 Nov 2020

From Insights

ICO publishes detailed guidance on subject access requests

The new guidance does not change the underlying law it does provide some useful direction for employers, which should serve to simplify and clarify how to respond to S..

More

02 Nov 2020

From Insights

An analysis of the Monetary Penalty Notice issued by the Information Commissioner's Office to British Airways plc dated 16 October 2020

On 16 October 2020, the ICO issued BA with a MPN, fining the airline £20 million for breaches of Articles 5(1)(f) and 322 of the GDPR in relation to a data breach in 2..

More

30 Oct 2020

From Insights

Data Protection update - October 2020

Welcome to our data protection bulletin, covering the key developments in data protection law from October 2020.

More

15 Oct 2020

From Insights

Risks of remote working: How much can you monitor your employees?

Considering the Covid-19 pandemic, a shift to working from home has become the new normal for many employers.

More

print-footer
logo
© Stephenson Harwood LLP 2016. Any reference to Stephenson Harwood in this document means Stephenson Harwood LLP and/or its affiliated undertakings. Any reference to a partner is used to refer to a member of Stephenson Harwood LLP.