Data Protection and Cyber Security

What you need to know

Making sure that you are aware of and understand your data flows, have clear and clearly understood policies in place, are engaged on security issues and have all of your processes and procedures in place is a must. 

Good, well thought out and compliant policies will enable you, your customers, your employees and, most importantly, the information regulator to recognise that you take the data processing rules and cyber security seriously.  This will engender confidence in your organisation, and it lowers your risk if subject to investigation following a failure. 

How can we help?

We have experience and expertise in data protection and cyber security at every stage including policy assessment and drafting, insurance, data subject access requests, cross-border data flows, cyber breach, litigation and dealing with information regulators.

Key contact

James Tumbridge and Ashley Roughton have considerable expertise in contentious and non-contentious aspects of data protection and cyber security. 

James advises on global data protection solutions for outsourcing businesses as well on general data policy compliance.  James additionally has experience opposing applications brought by the police for data disclosure across Europe, and before the English Courts.   His experience includes addressing a UK police application to an English Court against GB Company directors with links to a Luxembourg Company, the police sought data possibly held by that Luxembourg Company. The matter raised questions of jurisdiction and control, and the powers of the Court.  Our team advised on the limits/powers of Court disclosure orders as against companies outside the court jurisdiction including companies with a group, and on directors liabilities inter-group.  James also led the team protecting a company's seismic data from release where a government claimed rights over data in the public interest.   James has additionally advised political parties and campaigns on their dealings with the UK Information Commissioner responding to complaints, and considering the appropriateness of orders restraining them from certain forms of communications.  James also sits as Police Tribunal Chairman and has given rulings concerning police officer data breaches. 

Ashley is experienced in all aspects of data protection including pharma, smart buildings, security and database rights (both contentious and non-contentious). He has had recent experience in multi-party solutions to complex data protection problems with cross-border elements and involving sensitive personal data and acting for pharma clients concerning the handling of clinical trial data as well as regulatory data protection. Ashley was the first (and believed to be, the only) counsel to obtain an injunction to restrain a DDoS attack. He has appeared in a significant number of cases in the Court of Appeal and the Information and Upper Tribunals. His first case, as a pupil barrister in 1992, was a data protection case concerning credit reference processing. Ashley is also a member of the editorial board of Privacy and Data Protection Magazine and speaks regularly at PDP and IAPP conferences. Ashley was most recently asked to advise a major charitable organisation on the prospects of successfully appealing the Information Tribunal following the imposition of a monetary penalty. Ashley has also advised and represented insurance companies, loss adjustors and their clients in relation to insurability and claims concerning cyber security. Most recently he was asked to advise an internet service provider in relation to a major security breach.

James and Ashley are supported by Robert Peake and Kate Woolhouse both of whom have wide ranging data protection practices.