BCL Solicitors LLP BCL Solicitors LLP

Financial, Corporate and General Crime Solicitors

Toggle menu

Skip to content
MENUMENU
  • Home
  • About
  • Services
    • Corporate Crime
    • Financial Crime
    • Regulatory
    • Serious and General Crime
  • People
  • Commendations
  • News & Insights
    • News
    • Insights
    • Legal guides
  • Careers
  • Contact

Data Protection

Data Protection

“They have a reputation for legal excellence which is richly deserved.”

Chambers UK

Whether malicious or inadvertent, internal or external, breaches of data security have the potential to cause extreme disruption to individuals and businesses. As the frequency, severity and public awareness of data incidents has grown, the risks of reputational damage, substantial regulatory penalties and litigation from aggrieved data subjects have increased significantly, pushing business concern over data protection ever higher up in the corporate agenda.

The law relating to data protection is principally contained in the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”), whose regulatory and enforcement provisions are overseen by the Office of the Information Commissioner (“ICO”). The GDPR and DPA regulate the control and processing of data by entities such as companies, firms and sole traders established in the UK. The data protection legislation creates a series of rights for individuals and obligations on controllers and processors of data in relation to the handling and treatment of personal data and “special category” personal data. It also controls the transfer of such data overseas, including following MLA requests to the UK authorities by foreign regulators and investigators such as the US Securities and Exchange Commission (“SEC”) and Department of Justice (“DOJ”). For the first time, the GDPR requires that personal data breaches are reported to the ICO unless there is unlikely to be a risk to the rights and freedoms of data subjects. Timing is critical, with notification necessary as soon as feasible, and not later than 72 hours of the controller becoming aware of a breach.

Subject to certain defences, offences under the DPA such as “blagging” (broadly, obtaining or disclosing personal data without the data controller’s consent) are prosecuted in the criminal courts and can lead to unlimited fines. Corporates and their directors may also be found liable where offences are committed with the consent, connivance or neglect of those directors or company officers.

The ICO may also impose very substantial monetary penalties on data controllers for breaches of the GDPR, in some instances up to €20 million or 4% of total worldwide turnover, whichever is the higher.

BCL advises businesses and individuals with regard to data security, data protection policies, ICO investigations and audits, GDPR compliance and the defence of criminal and administrative proceedings under the data protection legislation. We assist in crisis management with reference to the reporting of data breaches and criminal liability, as well as Norwich Pharmacal relief and the strategic use of subject access requests and requests under the Freedom of Information Act 2000

Contact Us

  • +44 (0)20 7430 2277
  • law@bcl.com
null

Michael Drury

Partner
null

Julian Hayes

Partner

Related Services

Cyber Crime

Cyber crime and cyber security are receiving increasing global attention due to online activity being prevalent in day to day life and the associated rapid growth of online data…

Read more

Surveillance & Interception

The Regulation of Investigatory Powers Act 2000 (“RIPA”) provides a statutory framework to allow public authorities, including the police and intelligence services, to conduct interception and surveillance activities…

Read more

Corporate & Director Liability

BCL’s large team of specialist lawyers acts for corporates and/or directors and senior managers in investigations by all major UK law enforcement agencies, as well as in relation to international and multi-jurisdictional investigations…

Read more

Related articles

h6
The Barrister magazine

BCL’s Julian Hayes and Andrew Watson discuss the NIS Regulations with The Barrister Magazine

BCL’s Julian Hayes and Andrew Watson’s article ‘’Preparing for the worst but operating at our best – Reform of the NIS...
Read More
Data protection Cyber Security Privacy Business Internet Technology Concept

“Preparing for the worst but operating at our best” – Reform of the NIS Regulations

With cybercrime rates doubling since 2019, and ransomware tripling since 2020, the UK government is seeking to bolster the na...
Read More
Internet network security, personal data protection concept.

The globalisation of criminal evidence and the UK-US Data Sharing Agreement

BCL partners, Michael Drury and Julian Hayes discuss the implementation of the much delayed UK-US data sharing agreement (Clo...
Read More

Contact Us

  • Tel: +44 (0)20 7430 2277
    Fax: +44 (0)20 7430 1101
  • law@bcl.com
  • 51 Lincoln's Inn Fields
    London WC2A 3LZ

    DX 37981 Kingsway

Latest News & Insights

  • John Binns discusses ’’Overview of anti-bribery and criminal law in the life sciences sector’’ with LexisNexis
  • Defending failure to prevent offences
  • John Binns writes for Money Laundering Bulletin discussing the UK’s law enforcement on Russian oligarchs

Accreditations

  • Home
  • People
  • Videos
  • Corporate Social Responsibility
  • Equality, Diversity, and Inclusion
  • Legal Notices
  • Transparency
  • Privacy Policy
Copyright © 2022 BCL Solicitors LLP. All rights reserved.