GDPR – how we can help

Since the GDPR came into force across Europe from 25 May 2018, compliance with data protection and privacy laws is a growing challenge for both EU organisations and non-EU organisations doing business in the EU.

Ethical data protection practices are now essential, both for maintenance of customer goodwill and for legal risk management. With the potential for substantial fines for non-compliance of up to 4% of annual worldwide turnover or €20 million, whichever is greater, data protection is no longer an issue only for IT and marketing departments, but is on the agenda for every Board of Directors.

We have substantial experience of advising a range of clients on data protection, privacy and cyber issues including innovative fintech and adtech companies, financial and professional services firms including UK and US law firms, and multinational businesses in UK, as well as international organisations.

How can we help?

We provide clear, commercially pragmatic, good sense advice on compliance with GDPR and a rapidly evolving data privacy regulatory regime. We highlight where compliance steps are required, prepare policies and contractual arrangements, support our clients in dealing with data subject requests and complaints, and provide risk management advice and support in the event of any incident occurring.

In particular we have extensive experience in the following areas:

  • Drafting privacy policies, data retention policies, and incident response plans
  • Data processing arrangements, including due diligence on vendors, and drafting and negotiating data processing and data sharing agreements
  • Data protection and HR, including drafting staff data protection polices, communications monitoring, recruitment and selection
  • International data transfers, including implementation of Standard Contract Clauses, Privacy Shield and Binding Corporate Rules
  • Advising on responding to or enforcing personal rights, including data subject access requests, the right to be forgotten and data portability
  • Compliance with e-Privacy regulations relating to e-marketing and use of cookies and similar tracking technologies
  • Advising on data protection compliance with new technologies such as AI, facial recognition, biometrics
  • Carrying out data protection impact assessments or compliance audits
  • Provision of data protection training to staff
  • Dealings with the ICO and other regulatory authorities, investigations and proceedings
  • Defending or bringing claims for damages for breach of data protection laws
  • Due diligence on company and business asset acquisitions

In the event of a personal data breach incident we provide rapid legal support to mitigate legal risk including compliance with reporting requirements, communications to data subjects, service providers and other stakeholders, and handling legal claims.

Contact us

For assistance with GDPR compliance or in relation to data protection and privacy matters, please contact Nigel Miller at nmiller@foxwilliams.com