Our People
Shirt with tie

Data Protection and Privacy

In our ever more computerised world, organisations handle data relating to customers, employees or other individuals on a day-to-day basis. The protection of this personal data is a key foundation to those relationships and individuals trust those who deal with their data to keep it secure and not to use it for improper purposes.

Even so, hardly a week goes by without a story in the press of how unencrypted data has fallen into the hands of unauthorised third parties (perhaps through hacking or employee negligence/misconduct). Reputations which may have taken years to build can be destroyed in a matter of mouse clicks.

Individuals are also becoming increasingly aware of their rights under data protection legislation and are often using them as a tool to extract evidence which might form the basis of a legal claim or simply to cause administrative headaches.

In addition, the General Data Protection Regulation (“GDPR”) and Data Protection Act 2018 impose substantial responsibilities on organisations and an obligation to evidence their compliance by means of documented impact assessments, audits and policies. 

Services We Provide

  • an audit of your current arrangements
  • assisting with putting in place the appropriate policies, procedures and steps to minimise the risk of a breach of the data protection principles
  • providing training to your staff on how to keep records and share data in accordance with the principles
  • helping you deal with subject access requests in the most appropriate way
  • advising individuals on personal data protection rights
  • review commercial contracts
  • privacy notices
  • data processing agreements

Our Experience

We have considerable experience in dealing with data protection matters of all kinds, both on behalf of organisations and individuals.

In recent times, we have drafted fair processing statements and data protection policies for many organisations. We regularly make and help respond to subject access requests, whether made on a stand-alone basis or as part of a wider commercial, employment or customer service issue.

When required, we also liaise on our clients’ behalf with the Information Commissioner where matters escalate and the individual is unhappy with how an organisation has dealt with their personal data.

And we always understand that data protection is part and parcel of protecting an organisation’s hard-earned reputation.

Recent Experience

  • Assisting with preparation for the GDPR, including drafting privacy policies and related documentation 
  • Working with various organisations to respond to data subject access requests, analysing data gathered and applying various exemptions where appropriate
  • Making data subject access requests on behalf of various individuals to support the defence of unfair disciplinary proceedings and/or negotiations to avoid bringing claims of unfair dismissal
  • Advising on the use of standard contractual clauses for the transfer of personal data from the EU to processors established in third countries
  • Advising on dealing with a complaint alleging misuse of personal data provided during a recorded telephone conversation with an outsourced customer relations representative
  • Providing training to organisations on how to deal with the protection of personal data in the workplace
  • Negotiating data protection provisions in commercial agreements
  • Corresponding with the Information Commissioner on behalf of various clients, either complaining that subject access requests have not received full responses from organisations or defending such allegations against organisations

Quick Contact

Andrew Knorpel

Partner (Head of Employment)

Tel: +44 (0)1932 590673

Fiona Moss

Senior Associate

Tel: +44 (0)1932 590611