Data protection for business

Data protection is part of privacy law. Collyer Bristow has one of the most experienced privacy teams in the country having given data protection advice and acted in data protection claims routinely since the Data Protection Act was introduced in 1998, represented the core participants in the Leveson Inquiry and acted in much of the phone hacking litigation.

Our extensive media experience means that we are exceptionally well placed to help you plan for and deal with the adverse coverage that can often flow from data protection breaches.

The General Data Protection Regulation (GDPR) will be incorporated into UK law on 25 May 2018 and will have a significant impact on businesses both within and outside the European Union. Individuals will have greater rights, including the right to compensation, and stronger judicial remedies against businesses which breach them. Businesses can expect a sharp increase in claims brought against them, including class actions. The sanctions businesses face from regulators for breach of the regulation will be tough: fines of up to Euro 20 million or 4% of global annual turnover.

Importantly, the new regulation will cover all businesses offering goods or services to EU residents, regardless of where the data is being processed.

It is vital that businesses are aware of the forthcoming changes in regulation and start to prepare early.

How we can help you

We can advise you on the proposed new GDPR legislation and all aspects of the existing data protection regime (under the European Directive 95/46/EC and the Data Protection Act 1998) including advice on:

  • How to respond to Subject Access Requests;
  • How to respond to requests for rectification or erasure;
  • How to deal with investigations by the Information Commissioner’s Office;
  • Representing you in cases which go to the Information Tribunal;
  • Defending data protection claims in court.
  • Whether any criminal offences may have been committed

Our services in relation to the new EU regulation include:

Helping your business prevent a breach by:

  • Conducting an inventory of your data assets;
  • Highlighting activities which may be caught under the new regulation (which are not caught by the existing rules);
  • Advising on how to make your business operations compliant with the new regulation;
  • If you are a “data processor”, helping you meet your obligations under the new regulation
  • Advising on whether you can conduct customer profiling

Assisting you in dealing with a breach of the regulation including;

  • Establishing whether your business has, in fact, committed a breach under the new regulation
  • Advising on how and when to notify a breach to the regulator
  • Advising on when you are required to notify a breach to the individuals concerned
  • Defending you in investigations brought by the regulator
  • Advising you on any aggravating or mitigating factors in relation to a breach
  • Defending you when individuals seek a judicial remedy for breach of their data protection rights (including class actions)

Additional information