GDPR and data protection

Data protection law is an issue that cannot be ignored, especially given the enhanced rights and obligations of the General Data Protection Regulation (GDPR). Our highly experienced data protection lawyers advise on a broad range of complex data protection issues. 

The significance of data protection law continues to grow and raises issues of fundamental importance to individuals, businesses and organisations. We help individuals and business negotiate this complicated area of law, ensuring personal data is protected and helping to manage the consequences when it is not.

Assisting you in complying with the data protection law

Our specialist team can provide your organisation with properly targeted, well-rounded and expert legal advice so you can meet the expectations of the GDPR.

 GDPR COMPLIANCE  >

Supporting you in the event of data breach

The financial and reputational damage caused by a data breach can have devastating consequences to businesses and organisations.

DEALING WITH A DATA BREACH  >  

Data Protection Solicitors

Our data protection team comprises individuals from a wide range of disciplines including public lawemploymentcorporate and commercialcriminal litigationimmigration, and regulatory, providing you with properly targeted, well-rounded and expert advice.

Adam Chapman

Public Law

Judicial Review

Data Protection

Partner

Emily Carter

Public Law

GDPR and Data Protection

Public Inquiries and Inquests

Partner

Latest blogs & news

Requesting Medical Records after a death

Losing a loved one when you think it may be because they received poor medical care is incredibly stressful at a time when family and friends are grieving their loss.  Often, people want to see a written record of the final days of their loved one and what happened to them, or they might want to go through years of records to ascertain whether there was diagnosis that may have been missed, such as cancer.

Data Protection reform: A new direction for charities?

Following the UK’s departure from the EU, the Government wishes to reform the data protection legislation within this country in order to ‘unlock the power of data.’ For charities, does this mean the painful prospect of reworking their existing GDPR compliance regime or the promise of a lighter regulatory load?

Data: A New Direction - Research, Re-use and Responsibility

High on the Government’s wish list for data protection reform is the reduction of legislative barriers to ‘responsible innovation,’ particularly within the field of scientific research. Due to perceived complexity and lack of clarity, it is feared that organisations either choose not to conduct research at all or rely on unnecessarily burdensome consent processes. This blog considers the likely impact of the Government’s ideas

Consultation on ICO Powers Shows the Breadth of the Regulator’s Powers

On 20 December 2021 the ICO launched a consultation seeking views on three documents, which together demonstrate its wide-ranging powers to undertake investigatory, regulatory and enforcement action.  

Data: A new direction - Access to personal data

In this blog series, we will review the key proposals for reform of data protection law within the Government’s consultation paper ‘Data: A New Direction’. We will consider how far the Government will stray from the current path and signpost some potential pitfalls and practicalities for consideration along the way

Data: A New Direction - Unleashing the transformational power AI?

In this blog series, we will review the key proposals for reform of data protection law within the Government’s consultation paper ‘Data: A New Direction’. We will consider how far the Government will stray from the current path and signpost some potential pitfalls and practicalities for consideration along the way.

Data protection law reform: A new direction?

In this blog series, we will review the key proposals for reform of data protection law within the Government’s consultation paper ‘Data: A New Direction’. We will consider how far the Government will stray from the current path and signpost some potential pitfalls and practicalities for consideration along the way.

We begin with the Government’s proposals for creating a ‘whitelist’ of legitimate interests which always provide a lawful basis for processing under the UK GDPR. 

The UK’s Data Protection Reform Consultation – Good News for Employers?

On 10 September 2021 the UK Government launched a Consultation on proposed changes to data protection law with the aim to “create a more pro-growth and pro-innovation data regime, whilst maintaining the UK’s world-leading data protection standards”. The proposals are designed to build on the UK’s existing data protection regime (contained in the General Data Protection Regulation (as it applies in the UK post-Brexit) (UK GDPR) and the Data Protection Act 2018).

What is Next for GDPR in the UK, is Change on the Horizon?

The General Data Protection Regulation (known to everyone as the GDPR) is probably the most famous piece of legislation to come from the EU. It was and is incredibly ambitious in its scope, and shapes the way we engage with organisations both online and in the real world. When the UK formally withdrew from the EU, GDPR became retained EU law and continued to apply as before. The government have recently announced that they want to reform data protection legislation, but substantial deregulation might be an unrealistic ambition.

Coaching, Teaching and Support Work in Lockdown: Safeguarding and Data Protection considerations when working with children online

The COVID-19 crisis has forced sports clubs, schools, universities and charities to rapidly change their approaches to coaching, teaching and support work. The regulations on social distancing have forced organisations to innovate; services which had previously been offered mostly or wholly in person were rapidly shifted online during “lockdown 1” and will return online at least for the duration of “lockdown 3”.  If the vaccine rollout has the desired effect there will no doubt be some return to “traditional” methods, but it seems very unlikely that the changes brought about by the pandemic will be completely reversed.  In this blog, Claire Parry from Kingsley Napley’s Regulatory team and Fred Allen from the Public Law team look at the challenges organisations face engaging with children online.

ICO enforcement action – key considerations for charities in the GDPR era

It is now more than two years since the Data Protection Act 2018 and GDPR came into force, significantly increasing the enforcement powers of the Information Commissioner’s Office (ICO). With the passing of the Act, the ICO gained the power to issue fines amounting to millions of pounds and increased powers to bring criminal prosecutions against organisations who fail to comply with the data protection regime.

The privacy dilemma surrounding the coronavirus contact tracing app

In late April we blogged about the NHSX developing a contact tracing app to help stop the spread of coronavirus and highlighted some of the privacy concerns that will need to be considered in the course of its development. Unfortunately, at the time of writing, the app is still yet to be released nationwide, although a beta version is being trialled on the Isle of Wight and development continues. In this blog we provide an update on the proposed functionality of the app and the privacy issues caused by that functionality which are delaying its release.

COVID-19 and contact tracing apps: A test of public confidence in data privacy?

Dominic Raab announced last week that the current UK lockdown would last for at least another three weeks. These restrictions are unlikely to be relaxed until a large scale plan is in place to track and restrict the spread of the virus. Part of this plan will involve the use of the NHS “contact tracing” app, which we have been told is in an advanced stage of development.

ICO enforcement – key considerations for businesses and organisations in 2020

On 23 May 2020, it will be two years since the Data Protection Act 2018 came in to force. The Act was brought in to compliment and supplement GDPR, and significantly increased the ICO’s enforcement powers. In the build-up to its commencement, there was a flurry of speculation about how these new powers would be used. We now look at the how the ICO has used its enforcements powers in 2019 and highlights key considerations for businesses and organisations in 2020.

An early Christmas present for the tech sector from the CMA?

The Competition and Markets Authority (“CMA”) has today (18 December 2019) given the tech sector an early Christmas present by publishing its interim report on its market study, commenced earlier this year, into online platforms and digital advertising.

Data protection for your business after a no-deal Brexit

At the time of writing, it is possible that the UK could exit the EU on 31 October 2019 (“exit date”) without a deal which means immediately leaving EU institutions such as the European Court of Justice without an agreement over what happens next.

“WhatsApp” with Dominic Grieve’s motion for Brexit communications?

Monday night’s marathon session in Parliament saw a number of issues debated into the small hours and further defeats for the government. While many raised important political and legal issues, one of particular interest to information lawyers, followers of Parliamentary procedure and journalists alike was the endorsement of a “Humble Address” motion brought by former Attorney General, Dominic Grieve.

Overhaul of SARS regime to be welcomed

The Law Commission has this week made an important intervention in the world of anti-money laundering with its report on the Suspicious Activity Report (SARs) regime, including an analysis of weaknesses of the current system and a series of recommendations to make things streamlined, clearer and above all more workable

WhatsApp messages: a treasure trove of evidence in team moves

The Court of Appeal’s judgement in Forse & ors v Secarma Ltd & ors is an important case on springboard injunction applications in employee competition and team move cases. It is also a prime example of how WhatsApp messages can provide crucial evidence in such cases.

How to respond to a subject access request: a step by step guide for organisations

Any individual dissatisfied with the speed or content of an organisation’s response to a SAR will find it quick and easy to complain to your organisation or the ICO. This guide is intended to make responding to SARs as straightforward as possible.

Services

Technology Law

We specialise in acting for early stage companies and for startups, the key asset of many such businesses is their technology.

GDPR Compliance

Our specialist GDPR compliance team can provide your organisation with commercial, properly targeted, expert legal advice so you can meet the requirements of data protection legislation.

Dealing with a Data Breach

Our specialist data breach solicitors can assist you from the moment that a breach is first identified to the conclusion of the legal processes which may follow.

Corporate, Commercial & Finance

Our corporate and commercial lawyers combine strong technical expertise with a track record in delivering flexible and creative solutions.

Public Law

Our 'exceptional' team has over 25 years' experience, acting in the most significant public law cases.

Employment

Whether you are a business or a senior employee, our employment law specialists will give pragmatic and commercial advice.

Dispute Resolution

Dealing with a dispute professionally and commercially takes skill. We assist and support our clients with both legal knowledge and strategy.

Regulatory

Our team of highly experienced lawyers provide advice on regulatory compliance, investigations, adjudication, enforcement and prosecutions.

Cyber Crime

Whether you are facing an investigation or prosecution or are the target of such activity, our cyber crime lawyers can help.

Criminal Litigation

Our criminal lawyers are astute, supportive and highly sophisticated, particularly known for providing strategic, sensible and practical advice.

Data Protection Insights

View all

Blogs

Digital legacy planning and Apple’s new feature

Data: A new direction - Access to personal data

Data: A New Direction - Unleashing the transformational power AI?

Data protection law reform: A new direction?

The UK’s Data Protection Reform Consultation – Good News for Employers?

What is Next for GDPR in the UK, is Change on the Horizon?

Coaching, Teaching and Support Work in Lockdown: Safeguarding and Data Protection considerations when working with children online

ICO enforcement action – key considerations for charities in the GDPR era

The privacy dilemma surrounding the coronavirus contact tracing app

COVID-19 and contact tracing apps: A test of public confidence in data privacy?

ICO enforcement – key considerations for businesses and organisations in 2020

An early Christmas present for the tech sector from the CMA?

Data protection for your business after a no-deal Brexit

“WhatsApp” with Dominic Grieve’s motion for Brexit communications?

Overhaul of SARS regime to be welcomed

WhatsApp messages: a treasure trove of evidence in team moves

How to respond to a subject access request: a step by step guide for organisations

Innovation and data protection compliance: when opposites attract

Our current Brexit options and the consequences for UK data protection law

GDPR Compliance for US Companies

Brexit Update: EU-US Privacy Shield

GDPR for the UK: Brexit and international transfers of personal data

Care homes take heed: if you have failed to pay the ICO data protection fee you could be breaking the law

GDPR and Brexit: the draft withdrawal agreement and data transfers from the EU

Data Protection and the Law of Unintended Consequences…

Disclosure of Suspicious Activity Reports may not amount to Tipping-off, says High Court

Data Protection Act 2018 and law enforcement: an introduction

The Data Protection Act 2018: new criminal offences for data breaches

Data breach reporting – the only way is up

Joint data controllers – yet more data protection uncertainty

Some welcomed guidance for data controllers: Court of Appeal confirms the correct test to be applied when considering a SAR concerning mixed data

GDPR: The significance of the new principle of accountability

The ICO’s Regulatory Action Policy: What to expect in the new GDPR era

GDPR: A guide for therapists

UK-EU security cooperation post Brexit (Part II) - ringing the alarm bell!

UK-EU security cooperation after Brexit (Part I) - approaching the cliff edge

The Data Protection Bill - New Criminal Offences for Data Protection Breaches On Their Way to the Statute Book

Subject Access Requests under the GDPR: What employers need to know

Data protection: A new board room priority

GDPR & Brexit: Data transfers from the EU and the UK’s new status as a “third country”

The £17 million Question - What will the ICO’s enforcement powers be under the GDPR, and how will they be used?

Social Media Giants vs Children – the truth behind social media contracts

An introduction to contracts between data controllers and data processors under the General Data Protection Regulation

When is a data controller liable for the criminal acts of a rogue employee?

The real impact of the GDPR… new notification obligations

An introduction to Data Protection Officers under the GDPR: Should you appoint one?

The EU-US Privacy Shield – One Year On and Still Going Strong

Data Protection – can employers still monitor employees’ communications in light of Barbulescu v Romania?

Block chain: Is the GDPR out of date already?

Implications of GDPR and new Data Protection Bill for employers

Data Protection – 10 further top tips for responding to subject access requests

Close Load more

Skip to content Home About Us Insights Services Contact Accessibility