Meet the team

Privacy and Data

Shoosmiths LLP

London, England
+1 other location
  • Reading, England
View firm profile

Organigram

Team Services

We offer powerful legal and commercial solutions, so you can maximise value and minimise risk when using your data.

Our experienced and pragmatic Privacy and Data team can help you. Click here to find out more about the team.

Be compliant:

  • Data transfers: strategise how you move data to where you want it to be, using legal mechanisms such as binding corporate rules (BCRs) or standard contractual clauses. We are one of few law firms in the world that specialise in BCRs
  • Drafting and updating of documents: Looking to avoid any unnecessary compliance headaches? Our expert data protection legal advisors can help you with your key policies, procedures and other documents

Be on top of your relationships – managed contract update and negotiation service: robust commercial contracts are a powerful management tool. We can help you find the right solutions at the right time so that your contracts work for you

Be engaged – working productively with data protection authorities: we build constructive relationships with DPAs on your behalf, taking the pressure off you

Be ready – Rapid Response On Call Team and in-house support for breaches: when a critical incident occurs you need a team that hits the ground running. Using tried and tested systems, we give you straightforward and pragmatic solutions when you need them most

Be streamlined – data subject requests: struggling with DSARs? We use innovative tools, templates and in-house experts to streamline this complex and time-intensive task and help you get the job done

Be supported – data protection experts at your disposal: there’s often no substitute for face-to-face meetings. Our expert team can set up mini clinics within your organisation to address live issues, deliver targeted support and keep you ahead of the game

Be in the know:

  • advice: get the key information you need on:
    marketing
  • use of CCTV
  • employee monitoring
  • the sale and purchase of databases
  • freedom of information legislation
  • human rights legislation
  • business models and contractual complexity

training: training your staff and turning them into your first line of defence is key to ensuring effective compliance. Our expert data protection team can offer:

  • bespoke e-learning tools
  • collaborative training and networking sessions with your peers to share best practice
  • one-on-one training and/or legal training sessions

Be forewarned – data breach test: forewarned is forearmed. Our ‘breach out’ room exercise can help you work through responding to a data breach scenario and test your processes. Get the facts you need to protect your organisation

Be a key player – codes of conduct: under the GDPR codes can be used as authority for data transfers. If you want to be included in our industry or sector specific forums creating codes and sharing knowledge and experiences, get in touch and be in the vanguard among your peers

Be certified – data protection certification: certification is a useful way of showing you process personal data in line with the GDPR. It isn’t yet available but get in touch if you want us to keep an eye on developments for you

Data is global and so are we. Our extensive network of personal relationships with law firms around the world means that we can locate the right legal experts for you, manage the project and ensure that the work is carried out efficiently and within your budget. Our network is complemented by our longstanding membership of the World Services Group (WSG), a multi-disciplinary professional services organisation, which brings together leading advisers in over 145 countries across the globe.

We’d be delighted to hear from you. Contact a member of the team today.

Recent experience includes:

Advising a global retail brand in relation to a cyber security breach involving the unauthorised online disclosure of a large volume of personal data, including putting mitigation actions in place to combat negative impact upon brand reputation
Advising one of the world’s largest furniture retailers on various compliance issues, including online collection of data for marketing and sales promotion purposes and the operation of their customer loyalty card database
Advising a global leader in the catering and facilities management sector on all their data protection issues. This has included a multi-site audit of the entire UK business, and subsequently advising on remedial compliance measures, plus the provision of ad hoc advice on various issues, including subject access requests and trans-border data flows to the US parent corporation
Advising a business in connection with an ongoing multi-jurisdiction fraud investigation being undertaken in relation to current and former key personnel, including putting a risk strategy in place regarding data sharing with a data processor based in Japan to ensure the confidentiality of investigations
Working with a technology innovation business to develop a GDPR-compliant strategy to obtaining and utilising video footage of individuals driving to develop artificial intelligence and reduce vehicle collisions
Advising in relation to breaches of the Privacy and Electronic Communications Regulations (PECR) in light of the proposed (although yet to be finalised) ePrivacy Regulation and liaising with businesses to achieve commercial and proportionate settlement of disputes
Advising various clients on handling subject access requests made by customers and employees and ex-employees, including identifying relevant data, advising on exemptions that may be relied upon and data that may be redacted
Managing GDPR supplier contract projects for global or UK corporations to ensure all processor contracts are compliant facilitating greater understanding of the business, relationships and data assets
Helping a client handle a complicated subject access request involving multiple data subjects. This required a detailed and technical analysis of the definition of ‘personal data’ and applying it to large volumes of data, drafting correspondence to the individuals making the request and liaising with the ICO in order to bring the matter to a conclusion