Data protection and information
  • Related Sectors
  • Related Locations
  • Awards

Data protection and information

Our international data protection team provides practical and commercial advice to clients across a wide range of sectors and jurisdictions. Recognised by legal directories, our team is highly experienced in advising on all aspects of data protection law, covering advisory, transactional, contentious and investigations data privacy issues. Visit our data protection hub to discover more information about data protection hot topics, key legal developments and our expertise and offering.
  • Profile
  • Experience
  • Key contacts

Our experienced team of data protection specialists can assist with:

  • GDPR and data protection law compliance – advising on all aspects of data protection law, including updating contracts and policies for DP law compliance.
  • Cyber security and data breaches – providing strategic advice in relation to data privacy incident management and information security.
  • Data subject rights and freedom of information - responding to data subject access requests and complaints, including as part of employee grievance processes or litigation and drafting procedures, as well as advising on handling freedom of information requests.
  • Direct marketing and cookies – including advising on online/electronic direct marketing, social media and cookies.
  • Cross-border data transfers - drafting and advising on intra-group and external data transfer arrangements and safeguards.
  • Technology and data protection – including advising on privacy issues arising from technologies, including geo-location of mobile payment and apps and on privacy implications of smart devices, employee monitoring, bring your own device and AI.

"The ‘incredibly responsive, personable and efficient’ Stephenson Harwood handles the full gamut of data protection and information law issues."
The Legal 500 UK 2022

A global payments fintech

Advised a global payments fintech on incident response and management in relation to a personal data breach.

A fund

Advised a fund on a data breach resulting from a cyber-attack made against the client's outsourced HR and payroll provider, by ensuring that they were in compliance with their notification obligations under the UK GDPR, and coordinating with an independent technical expert to formulate a robust response to the breach and ensure that the risk to our clients' systems was limited.

A housing association

Advised on its response to a data breach incident affecting members of its pension scheme.

A leading scientific research funding agency

Advised on data breaches suffered by several of its overseas offices when an unknown attacker exfiltrated files containing personal data, by ensuring that they were in compliance with their local regulatory and notification obligations according to the types of data impacted.

International bank

Advised an international bank on its GDPR compliance programme, providing a full suite of services from close involvement in the bank's data mapping exercise, providing a gap analysis on its compliance and producing sets of policies, contracts and procedures to fill the gaps identified to help the client work towards becoming GDPR-compliant.

Listed financial services provider

Advised in relation to a data breach of a payment platform operated by the client, where hackers had gained unauthorised access to the personal data of customers of over 5,000 merchants. This included advising on all aspects of incident response and potential disputes with third parties.

Professional services firm

Advised a professional services firm in relation to various DSAR compliance requirements and data subject requests in its contractual arrangements and standard terms.

DIFC data protection law 2020

Advised the Dubai branch of an international bank, and several other DIFC based/incorporated companies, on compliance with the DIFC data protection law 2020, including advice on filing requirements, processes, content of privacy policies, the appointment of a data protection officer and employment contract updates.

Financial institution

Advised a financial institution in Hong Kong on a data breach incident allegedly caused by the negligence of a third party service provider.

Online beauty retailer

Advised one of Europe's largest online beauty retailers on their GDPR compliance project including their direct marketing activities.

Analytics company

Advised an international analytics company on its response to the Schrems II case, including its intra-group transfers and transfer of client data to the US. 

Australian company

Advised on its complex onward transfer issues of EU personal data from the company in Australia to other jurisdictions and the impact of the Schrems II judgment.

Leading property developer

Advised on updates required to its UAE privacy policy to allow for potential transfers of consumer data between several Middle East jurisdictions, India and the UK.

Leading pharma company

Provided data privacy advice and drafted terms for healthcare apps for a leading pharma company including considering related information security and data privacy points.

Luxury goods and retail brands

Advised a luxury goods brand and a retail brand on its use of adtech, cookies and tracking pixels.

Latest news & insights

04 Apr 2024

From Insights

Data Protection update - March 2024

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from March 2024.

More

18 Mar 2024

From Insights

Big Brother is watching you: Facial recognition in the UK

In a recent Privacy Laws & Business article, data protection partner Katie Hewson, associate Daniel Jones and senior paralegal Nelson Kiu report on the latest, sometim..

More

04 Mar 2024

From Insights

Data Protection update - February 2024

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from February 2024.

More

06 Feb 2024

From Insights

Data Protection update - December 2023/ January 2024

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from December 2023 and January 2024.

More

15 Dec 2023

From Insights

New regulation: GBA standard contract for the cross-border flow of personal information - will it make Hong Kong unique under PIPL?

On 13 December 2023, with the aim to promote the safe and orderly cross-border flow of personal information within the Guangdong-Hong Kong-Macao Greater Bay Area (GBA)..

More

05 Dec 2023

From Insights

Data Protection update – November 2023

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from November 2023.

More

08 Nov 2023

From Insights

The Biden Executive Order on AI: key takeaways

On 30 October, the White House issued an Executive Order on artificial intelligence, encouraging the "safe, secure and trustworthy development and use of AI"

More

07 Nov 2023

From Insights

Data Protection update - October 2023

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from October 2023.

More

31 Oct 2023

From Insights

Clearview AI Inc v The Information Commissioner: Clearview AI successfully overturns ICO fine

In Clearview AI Inc v The Information Commissioner [2023] UKFTT 819 (GRC), the First-tier Tribunal overturned a large fine issued by the Information Commissioner's Off..

More

30 Oct 2023

From Insights

AI: an international perspective

Artificial intelligence technology (“AI”) is transforming various aspects of business and society around the world, with applications ranging from generative AI and ma..

More

11 Oct 2023

From Insights

New Draft regulation to facilitate data export from Chinese Mainland

On 28 September 2023, the last working day before the Golden Week, the Cyberspace Administration of China published the draft Provisions on Regulating and Facilitating..

More

10 Oct 2023

From Insights

Whistleblowing in the financial services sector – A global perspective

Whistleblowing is a global issue whether in the financial services sector or more broadly. It is deployed by those with a genuine issue to raise as well as by those wi..

More

06 Oct 2023

From Insights

Data Protection update - September 2023

Welcome to the Stephenson Harwood Data Protection bulletin, covering the key developments in data protection law from September 2023.

More

20 Sep 2023

From Insights

Closing the door on the third appeal against the ICO’s first UK GDPR fine

In a recent Privacy Laws & Business article, Stephenson Harwood data protection partner Katie Hewson and associate Amarveer Randhawa analyse the third appeal against t..

More

14 Sep 2023

From Insights

Generative AI webinar series: top tips and take-aways

In the rapidly evolving landscape of Generative AI (GenAI), navigating the intricate web of legal and commercial risks becomes an imperative task for businesses and le..

More

13 Sep 2023

From Insights

AI regulation – latest legal developments in Europe and the US

Stephenson Harwood's data protection partner Katie Hewson and associate Daniel Jones (based in London) and Ana Razmazma, counsel at Fenwick & West (based in Silicon Va..

More

print-footer
logo
© Stephenson Harwood LLP 2016. Any reference to Stephenson Harwood in this document means Stephenson Harwood LLP and/or its affiliated undertakings. Any reference to a partner is used to refer to a member of Stephenson Harwood LLP.