Data Protection
“They have a reputation for legal excellence which is richly deserved.”
Chambers UK
BCL’s privacy and data protection lawyers advise individuals, SMEs and corporates on the rights and obligations arising under UK data protection and information security legislation. The key legislation with which we deal includes the UK GDPR, Data Protection Act 2018 (DPA), the Network and Information Systems Regulations 2018, the Freedom of Information Act 2000 (FOIA), and the Environmental Information Regulations 2004 (EIR).
Our privacy and data protection solicitors advise data controllers on the lawful processing of personal data under the UK GDPR including in response to law enforcement requests / demands for access, transparency obligations, the security and handling of personal data, the outsourcing of processing activities, the exercise of data subject rights including responding to subject access requests, and data protection policies and training.
Our work encompasses responding to requests under the FOIA and the EIR for sensitive materials obtained or generated by regulators during serious and high-profile regulatory and criminal investigations.
We deal with crisis management including data breach reporting, as well as responding to ICO information, assessment and enforcement notices issued to data controllers and processors, and the supervision of ‘raids’ when the ICO exercises its entry and inspection powers.
On behalf of individuals, we advise on the enforcement of data subject rights and common law pre-criminal charge privacy obligations, data subject access, the rights to rectification and erasure (the ‘right to be forgotten’), and where necessary the use of redress mechanisms / litigation to enforce data subject rights.
Our expertise
The services provided by our expert privacy and data protection lawyers include:
- assistance to data controllers and processors with their data protection / UK GDPR compliance obligations, including internal policies, contractual agreements (data processing agreements) and transparency requirements (privacy / fair processing notices);
- advising on the application, exceptions to, and enforcement of data subject rights (Articles 12 – 23 of the UK GDPR), including the rights of access, rectification and erasure;
- advising data controllers on their data protection duties following law enforcement requests / demands for access to personal data as part of criminal investigations, and by parties to civil proceedings, including Norwich Pharmacal relief;
- data breach handling, including regulatory reporting requirements and reports to law enforcement; and
- using data protection legislation to enforce individual rights in relation to fraud prevention services and databases.
Our experience
Our instructions in the field of data protection include:
- advising a facial recognition company on the compliance of its state-of-the art, biometric processing technology with UK data protection legislation for the prevention and detection of crime in the UK;
- working in conjunction with US lawyers of an international payment processor to develop a UK GDPR-compliant decision-making framework for handling law enforcement requests for the voluntary provision of personal data in ‘threat to life’ situations;
- advising an overseas telematics provider on its UK GDPR obligations following an urgent law enforcement request for the voluntary provision of personal data in relation to a homicide investigation;
- advising an online dating company regarding its data protection obligations in respect of information requests by UK and US law enforcement authorities;
- reviewing the commercial documentation and policies of a provider of a secure content-sharing platform to ensure compliance with applicable UK data protection legislation and regulatory guidance;
- providing data protection compliance advice to UK-based start-up company offering penetration and online threat assessment services, including in relation to data processing agreements;
- using the provisions of UK data protection legislation to challenge the inclusion of an HNW client’s name and details on a global crime risk database routinely used by financial institutions;
- advising a media company on its breach reporting obligations following a cyber- attack; and
- advising and representing an HNW client in respect of a wide-ranging data subject access request made in the context of an employment dispute.
What the directories say about us for this area:
”Julian is extremely well connected like Michael. Michael is a renowned expert in matters relating to national security and tech. He’s a pioneer of the national security data protection field and has all the contacts that anyone would need in that field. There are no improvements I would suggest.”
Chambers & Partners (2023)
”We principally work with Julian Hayes and Michael Drury, who both have deep expertise in surveillance and data protection law, among other important areas. Michael can draw upon his decades of expertise, both within GCHQ and as outside counsel to private companies. Michael’s experience and expertise in government surveillance and computer crime matters is truly unparalleled. His analyses are brilliant and his guidance is always practical and client friendly. We always have complete trust in his recommendations. Overall, his level of sophistication, client service and commercial awareness are very strong.”
Chambers & Partners (2023)
”The depth and breadth of their team is also very strong and both partners I work with are extremely knowledgeable and have decades of experience. Michael and Julian are experts in their field and always provide top-class advice in a timely manner. Michael is a phenomenal lawyer who is extremely knowledgeable on data protection and national security issues. He consistently provides strategic and tactical advice. I would say that his client service, commercial awareness and level of sophistication are all very strong.”
Chambers & Partners (2023)
”They are stellar: always committed to the clients’ best interests and never letting up until they have achieved the best possible outcome.”
Chambers & Partners (2022)
”The firm’s reputation is second to none in the white-collar crime world. It has been at the top of its game for decades.”
Chambers & Partners (2022)
”The team knows the regulatory landscape better than most firms and is ideally placed to advise when enforcement activity is anticipated.”
Legal 500 (2022)
”Their expertise goes further than knowledge of law and regulations and extends into the praxis of the use of State power and how to counter its abuse.”
Legal 500 (2022)
”A firm with a well-deserved reputation for quality.”
Legal 500 (2022)
”BCL have unique practitioner insight on a range of national security and law enforcement powers and are not afraid to take the hard cases.”
Legal 500 (2022)
”BCL is one of the very few firms that is able to properly advise clients in the area where data protection issues overlap with the criminal law. Most data protection specialists don’t know anything about the criminal law and most criminal lawyers don’t know anything about data protection – what they offer is therefore unique.”
Legal 500 (2021)
Related Services
Cybercrime & Online Safety
BCL advises in relation to a wide variety of cybercrimes including the misuse of computers and social media, offences relating to personal data, investigatory powers and national security crimes, as well as intellectual property offences.
Surveillance & Interception
BCL’s knowledge of surveillance and interception law is unrivalled, drawing on the outstanding experience of the former Director of Legal Affairs at GCHQ, Michael Drury. The main focus of the team’s work is the UK’s complex investigatory powers legislation and associated Codes of Practice laws which govern access to electronic and other information by law enforcement authorities and the security services.
Corporate & Director Liability
BCL’s large team of specialist lawyers acts for corporates and/or directors and senior managers in investigations by all major UK law enforcement agencies, as well as in relation to international and multi-jurisdictional investigations…