Venner Shipley welcomes Brookes IP Read more
  • Great Britain
  • Germany
  • France
  • China
  • Souht Korea

Data Protection & Cyber Security

Data Protection compliance is a must for any business which processes data relating to people – which is most businesses in the world. Failure to comply with the regulatory regime in Europe can lead to significant fines and injunctions. So you should do regular checks to ensure your policies and procedures are up to date. Making sure that your computer systems are safe and secure is now an item which ought to be on the top of the agenda of every business. Failures to adequately protect data can leave your business at significant risk.

What you need to know

Making sure that you are aware of and understand your data flows, have clear and clearly understood policies in place, are engaged on security issues and have all of your processes and procedures in place is a must.

Good, well thought out and compliant policies will enable you, your customers, your employees and, most importantly, the information regulator, to recognise that you take the data processing rules and cyber security seriously. This will engender confidence in your organisation, and it lowers your risk if subject to investigation following a failure.

How can we help?

We have experience and expertise in data protection and cyber security at every stage including policy assessment and drafting, insurance, data subject access requests, cross-border data flows, cyber breach, litigation and dealing with information regulators. A member of our team also advised the UK Government on the Data Protection Act 2018, giving us a unique understanding of the new data regime.

Our support extends through Privacy, Cyber Security and Data Protection to Blockchain use, crypto-currency and all required online regulatory compliance issues.

Key contact

James Tumbridge has considerable expertise in contentious and non-contentious aspects of data protection and cyber security.

James advises on global data protection solutions for outsourcing businesses as well on general data policy compliance. James additionally has experience opposing applications brought by the police for data disclosure across Europe, and before the English Courts. His experience includes addressing a UK police application to an English Court against GB Company directors with links to a Luxembourg Company, the police sought data possibly held by that Luxembourg Company. The matter raised questions of jurisdiction and control, and the powers of the Court. Our team advised on the limits/powers of Court disclosure orders as against companies outside the court jurisdiction including companies with a group, and on directors liabilities inter-group. James also led the team protecting a company’s seismic data from release where a government claimed rights over data in the public interest. James has additionally advised political parties and campaigns on their dealings with the UK Information Commissioner responding to complaints, and considering the appropriateness of orders restraining them from certain forms of communications. James additionally sits as Police Tribunal Chairman and has given rulings concerning police officer data breaches, and use of the Automatic Number Plate Recognition system.

Our wider team is experienced in all aspects of data protection including pharma, smart buildings, security and database rights (both contentious and non-contentious). We have represented a wide range of clients in their dealings with the UK ICO. Our experience includes helping in multi-party solutions to complex data protection problems with cross-border elements involving sensitive personal data and acting. We have also assisted pharma clients concerning the handling of clinical trial data as well as regulatory data protection. Our clients also include charities and political organisations who turn to us for our unique understanding of the inter play between data and their regulator environment.

We regularly offer bespoke training to a wide range of entities. Those we have assisted include the Serious Fraud Office, three UK police forces, charities, political campaigns, various companies from theme parks to software service providers, loss adjustors and their clients in relation to insurability and claims concerning cyber security.

James is supported by Robert Peake and David Pountney.

  • Data Blast: Information Commissioner issues call to action on cookie pop-ups; Table service apps called out for excessive data collection and more…

  • Data Blast: Amazon fined 746 million euros for targeted ads; Hundreds of European businesses face cookie complaints to regulators and more…

  • Data Blast: EU-UK data flows maintained with Commission confirming UK meets protection standards and much more…

  • Webinar: GDPR & data protection – are we still worried?

  • Take care when testing your invention – even on private land!

  • Connected vehicles – new regulatory guidance highlights the importance of data protection laws in the design process

  • Data Blast: Company fined over €450,000 for delayed reporting of a data breach and much more…

  • Data Blast: French authorities find that a data processor is also liable for inadequate security leading to data breach and more…

  • Data Blast: Dating app Grindr faces fine of 10% of annual global turnover; ICO seeking answers from Facebook over sharing of WhatsApp data…

  • Data Blast: UK set to receive adequacy decisions by the European Commission; 2020 saw increase in GDPR fines and data breach notifications and more…

  • The English High Court considers the extra-territorial scope of the GDPR for the first time

  • Is there a right of confidence in live sports data?