We specialise in data protection and information law. Typically, we work with clients to design and implement GDPR compliance policies, and documentation and training on these, privacy measures; design data protection impact assessment procedures; write compliant and clear privacy notices policies; respond to data breaches (liaising with cyber security specialists); notify and engage with the ICO; prepare communications to data subjects; and handle media interest.
We represent data controllers who are facing monetary penalty notices and other sanctions by the ICO and on appeals to the First Tier Tribunal.
We also advise and represent clients on all aspects of FOIA; Environmental Information Regulations; HRA; confidentiality; official secrets; Investigatory Powers Act; Computer Misuse Act and the Network and Information Systems (NIS) Directive.
Clients include central government departments and agencies; healthcare providers (primary and secondary); local authorities; financial services providers; security and defence sector; law firms, architects and accountancy practices; charities; utilities and passenger transport operators.
Our approach, always informed by a deep understanding of the law, is pragmatic, risk-based, and commercially astute.