Data Protection

BCL’s privacy and data protection lawyers advise individuals, SMEs and corporates on the rights and obligations arising under UK data protection and information security legislation. The key legislation with which we deal includes the UK GDPR, Data Protection Act 2018 (DPA), the Network and Information Systems Regulations 2018, the Freedom of Information Act 2000 (FOIA), and the Environmental Information Regulations 2004 (EIR).

Our privacy and data protection solicitors advise data controllers on the lawful processing of personal data under the UK GDPR including in response to law enforcement requests / demands for access, transparency obligations, the security and handling of personal data, the outsourcing of processing activities, the exercise of data subject rights including responding to subject access requests, and data protection policies and training.

Our advice is often sought about the impact of data protection laws in relation to internal investigations work, as well as the inclusion of individual profiles on risk compliance databases.

Our work encompasses responding to requests under the FOIA and the EIR for sensitive materials obtained or generated by regulators during serious and high-profile regulatory and criminal investigations.

We deal with crisis management including data breach reporting, as well as responding to ICO information, assessment and enforcement notices issued to data controllers and processors, and the supervision of ‘raids’ when the ICO exercises its entry and inspection powers.

On behalf of individuals, we advise on the enforcement of data subject rights and common law pre-criminal charge privacy obligations, data subject access, the rights to rectification and erasure (the ‘right to be forgotten’), and where necessary the use of redress mechanisms / litigation to enforce data subject rights.

They have a reputation for legal excellence which is richly deserved.

Chambers UK

Our expertise

The services provided by our expert privacy and data protection lawyers include:

  • assistance to data controllers and processors with their data protection / UK GDPR compliance obligations, including internal policies, contractual agreements (data processing agreements) and transparency requirements (privacy / fair processing notices);
  • advising on the application, exceptions to, and enforcement of data subject rights (Articles 12 – 23 of the UK GDPR), including the rights of access, rectification and erasure;
  • advising data controllers on their data protection duties following law enforcement requests / demands for access to personal data as part of criminal investigations, and by parties to civil proceedings, including Norwich Pharmacal relief;
  • data breach handling, including regulatory reporting requirements and reports to law enforcement; and
  • using data protection legislation to enforce individual rights in relation to fraud prevention services and databases.

 

Our experience

Our instructions in the field of data protection include:

  • advising a facial recognition company on the compliance of its state-of-the art, biometric processing technology with UK data protection legislation for the prevention and detection of crime in the UK;
  • working in conjunction with US lawyers of an international payment processor to develop a UK GDPR-compliant decision-making framework for handling law enforcement requests for the voluntary provision of personal data in ‘threat to life’ situations;
  • advising an overseas telematics provider on its UK GDPR obligations following an urgent law enforcement request for the voluntary provision of personal data in relation to a homicide investigation;
  • advising an online dating company regarding its data protection obligations in respect of information requests by UK and US law enforcement authorities;
  • reviewing the commercial documentation and policies of a provider of a secure content-sharing platform to ensure compliance with applicable UK data protection legislation and regulatory guidance;
  • providing data protection compliance advice to UK-based start-up company offering penetration and online threat assessment services, including in relation to data processing agreements;
  • using the provisions of UK data protection legislation to challenge the inclusion of an HNW client’s name and details on a global crime risk database routinely used by financial institutions;
  • challenging UK Government bodies over their disclosure of personal data in response to subject access requests as part of sanctions disputes; and
  • advising a media company on its breach reporting obligations following a cyber-attack.

Julian is extremely well connected like Michael. Michael is a renowned expert in matters relating to national security and tech. He’s a pioneer of the national security data protection field and has all the contacts that anyone would need in that field. There are no improvements I would suggest.

Chambers & Partners (2023)

They are stellar: always committed to the clients’ best interests and never letting up until they have achieved the best possible outcome.

Chambers & Partners (2022)

The firm’s reputation is second to none in the white-collar crime world. It has been at the top of its game for decades.

Chambers & Partners (2022)

The team knows the regulatory landscape better than most firms and is ideally placed to advise when enforcement activity is anticipated.

Legal 500 (2022)

Their expertise goes further than knowledge of law and regulations and extends into the praxis of the use of State power and how to counter its abuse.

Legal 500 (2022)

A firm with a well-deserved reputation for quality.

Legal 500 (2022)

BCL have unique practitioner insight on a range of national security and law enforcement powers and are not afraid to take the hard cases.

Legal 500 (2022)

Use of cookies on this website

Cookies help us analyse site traffic and personalise content to returning visitors. Read about how we use cookies on our Cookie Policy and see how you can control them in cookie settings.