Firms To Watch: Data protection, privacy and cybersecurity

At Hill Dickinson LLP, the focus is firmly on the healthcare sector; the firm consquently handles data processing agreements and breaches on behalf of a plethora of NHS bodies. Eleanor Tunnicliffe is the key contact.
At Kennedys, the focus is most strongly on incident response work, but the team is expanding its offering across the data advisory landscape. Tom Pelham acts as global head, while Ollie Dent oversees EMEA-wide work.
At Leigh Day, the privacy, data protection and information law team – helmed by Sean Humber – sits within the human rights department. The key focus is on bringing large group claims on behalf of individuals affected by data breaches.

Data protection, privacy and cybersecurity in London

Bird & Bird LLP

At Bird & Bird LLP, the large privacy and data protection team is ‘on top of cutting-edge trends‘. The group is noted for its sector-specific expertise in the advertising, financial services, pharmaceutical, luxury goods, sports, technology and telecoms fields, and consequently receives instruction from an impressive roster of household names in these areas. Ruth Boardman co-heads the firm’s international offering from the London office. James Moss utilises his previous experience as legal director of enforcement at the ICO to the benefit of his clients. Alex Dixie brings his ‘unique technical insights‘ to his role as head of the dedicated adtech practice. Gabriel Voisin and Elizabeth Upton are also key names in the department.

Responsables de la pratique:

Ruth Boardman


Autres avocats clés:

Gabriel Voisin; Elizabeth Upton; Alex Dixie; James Moss; Alex Jameson


Les références

‘The team is on top of cutting-edge trends. I rely on them to advise on difficult issues. Top quality lawyers.’

‘Alex Dixie is particularly excellent. He has great expertise in his areas of practice and is also a nice person to know. I enjoy working with Alex and rely on him to help with the most difficult challenges.’

‘Bird & Bird’s exceptional depth of knowledge and understanding of the sports data industry coupled with their strong technical expertise and ability to advise on complex, cross-jurisdictional matters.’

Principaux clients

Tencent


Anthropic


Adevinta


Principaux dossiers


  • Assisted Tencent with developing an innovative games compliance platform.
  • Advised Anthropic on privacy questions arising in the context of AI development.
  • Assisted Adevinta with the process of uniting over 60 million of the customers of two platforms in order to permit a single source of truth and cross-border listings between online platforms.

Bristows LLP

For the clients of Bristows LLP, ‘everything just happens in a very smooth way to a high level of satisfaction‘. Mark Watts heads up the data protection team, leveraging his particular expertise in managing global compliance projects and regulatory litigation. Marc Dautlich‘s practice focuses primarily on the technology and life sciences sectors, reflecting a broader firm-wide specialism. Alex Keenlyside is a key name for claims brought in relation to content, as is ‘standout data protection professionalHannah Crowther. The group is well regarded for its strength in depth at all levels, with notable junior specialists including Jamie Drucker and Faye Harrison. In spring 2024, the department welcomed Julian Darrell, the former European head of litigation at TikTok.

Responsables de la pratique:

Mark Watts


Autres avocats clés:

Jamie Drucker; Hannah Crowther; Marc Dautlich; Christopher Millard; Alex Keenlyside; Faye Harrison; Julian Darrell


Les références

‘The Bristows team has a very strong focus on interpersonal relationships. Everything just happens in a very smooth way to a high level of satisfaction.’

‘We work primarily with Mark Watts and Jamie Drucker. Both are highly knowledgeable and professional, and have a very strong focus on understanding client requirements.’

‘They have lawyers who understand the need for a company to be practical, so there is a good balance of legal analysis, and practical and actionable solutions.’

Principaux clients

OpenAI


Google


TikTok


DeepMind


Twitter/X


Xandr


Nationwide


Warner Bros Discovery


Direct Marketing Association


Meta


Principaux dossiers


  • Advising OpenAI on all aspects of data protection compliance.
  • Advising Warner Bros Discovery on a broad range of data protection matters, including implementation of AI technologies, processing of biometric data and the roll-out of the MAX streaming service.
  • Provided EU and UK-wide data protection compliance support to X, inclduing preparing risk assessments, providing product counselling advice, and supporting X with regulatory engagements with the Irish Data Protection Commission.

Dentons

The team at Dentons comprises a ‘really smart bunch of practical advisors‘ who take a ‘methodical and deliberate approach to tackling their work‘. London-based Simon Elliott acts as the head of data privacy and cybersecurity for the UK, Ireland and the Middle East, exemplifying firm’s cross-border focus. Antonis Patrikios is noted for his ‘timely and pragmatic‘ responses to both cybersecurity incidents and advisory issues. Nick Graham, the department’s founding partner, remains an active presence, assisting with international data transfers and adtech matters, as well as developing the AI piece. The group’s client roster includes a growing swathe of notable data and technology players, and is testament to particular strength in these fields. Of counsel Kuan Hon is another crucial member of the team; she is a member of the UK government’s International Data Transfer Expert Council.

Responsables de la pratique:

Simon Elliott


Autres avocats clés:

Nick Graham; Antonis Patrikios; Dr Kuan Hon


Les références

‘Really smart bunch of practical advisors, great attention to detail, and strong problem solving.’

‘Methodical and deliberate approach to tackling their work.’

‘I highly recommend them as a “one-stop shop” for anyone who is seeking a cost-effective way to navigate this complex area in the multi-jurisdictional context.’

Principaux clients

Avis Budget Group


Virgin Atlantic


John Lewis Partnership


Meta Platforms


Global Payments


Miro


Dentsu


SheerID


Sky UK


Frasers Group


Principaux dossiers


  • Advising Meta on various data protection matters and compliance measures.
  • Advising Avis Budget Group on all aspects of global data protection compliance and related issues.
  • Providing Virgin Atlantic’s data privacy operations with strategic and operational support across the full range of data privacy issues facing the company.

Hogan Lovells International LLP

Hogan Lovells International LLP‘s privacy and cybersecurity team ‘has deep expertise in digital policies and is au courant with the latest developments‘, and is well regarded for forging close relationships with policy makers and regulators. Eduardo Ustaran, who is described as ‘the crown jewel of the practice‘, leads the firm’s global offering in this area, as well as helming the London-based group. Nicola Fulford‘s workload ranges from assisting with international data transfers to advising on compliance strategies, and she is noted for her focus on the financial services sector. Recently, the firm has seen increased instruction in relation to AI and biometrics issues.

Responsables de la pratique:

Eduardo Ustaran


Autres avocats clés:

Nicola Fulford; Dan Whitehead; Katie McMullan


Les références

‘Eduardo Ustaran is, of course, the crown jewel of the practice. His experience is long and deep, but perhaps more importantly he is one of just a handful of thought-leaders with the power to shape the views and practices of the data protection community. He is invariably pragmatic and commercially-minded in his advice, which is always full of common sense.’

‘The Hogan Lovells practice is very strong not only in “pure” privacy and data protection matters around the world, but cyber incident response and litigation as well. A one-stop-shop with expertise and actionable advice to this extent is rare, and reassuring for those of us in-house.’

‘I should call out Dan Whitehead – almost unbelievably responsive, at all hours, and kept calm (and kept me calm) in the face of numerous stressful situations.’

‘Dan Whitehead’s knowledge of privacy and data protection law and practice is second to none.’

‘The HL team has deep expertise in digital policies and is au courant with the latest developments which is not an easy feat given the accelerated pace of AI and privacy policy-making in various jurisdictions and multilateral bodies. They provide nuanced guidance which shows a good understanding of a client’s business model, and can operate effectively under time pressure.’

‘Dan Whitehead has been our go-to person at HL in the last two years. Dan quickly establishes a rapport with a client. He is deeply knowledgeable, intellectually curious and is able to grasp the key features of a business model or technology to tailor his advice. His impact assessment of forthcoming legislation was precise and comprehensive and, importantly, he presented it on several occasions to senior stakeholders in a clear and succinct way, varying delivery and emphasis to ensure relevance for his audience (legal or business).’

Principaux clients

adidas


Salesforce


IBM


Multiple Clients – Implementation of BCR


Sotheby’s


BNY Mellon


Chanel


Baxter Pharmaceuticals


Principaux dossiers


  • Advising Salesforce.com on a broad range of compliance and commercial issues relating to privacy and cybersecurity, including assisting with its strategy to comply with Schrems II and the implementation of BCRs in the EU and the UK.
  • Advising Sotheby’s on strategic and operational issues across all data processing operations affecting the business.
  • Drafting a comprehensive data processing agreement tailored to facilitate the provision of a customer experience management platform for BNY Mellon.

Linklaters LLP

Linklaters LLP enjoys a reputation amongst clients for providing ‘world-class advice on the most complex matters‘. Recent highlights for the team include representing well-known names in privacy enforcement actions, advising on innovative AI projects, and building out existing privacy compliance programmes to include cutting-edge technology. Richard Cumbley oversees the TMTIP group, and is regularly called upon to handle critical data breach incidents. Georgina Kon acts as co-head of the firm’s dedicated cybersecurity practice, and is the go-to contact for such work. The ‘wonderfully astuteGreg Palmer has notable strength in relevant litigation, while Peter Church excels at the intersection between technology and privacy law. Patrick O’Connell and Alaister Johnson are also recommended experts.

Responsables de la pratique:

Richard Cumbley


Autres avocats clés:

Georgina Kon; Patrick O’Connell; Peter Church; Greg Palmer; Alaister Johnson


Les références

‘Very experienced team with a good international reach.’

‘Georgina Kon was absolutely excellent. There was no question that she couldn’t answer and she genuinely is a pleasure to work with.’

‘Greg Palmer’s advice and support is always excellent, showing huge experience in privacy and data protection, and broader commercial understanding. He is very approachable, pragmatic and a pleasure to work with!’

Principaux clients

Experian


Principaux dossiers


  • Acting for Experian in a privacy appeal against the ICO’s enforcement notice.

A&O Shearman

A&O Shearman was formed in May 2024 as a result of the much-awaited merger between Allen & Overy and Shearman & Sterling. The data protection team now fields a four-partner bench comprising the ‘approachable and availableJane Finlayson-Brown; Nigel Parker; and ex-Norton Rose Fulbright cyber specialists Charlie Weston-Simons and Ffion Flockhart. The group is well versed in the gamut of relevant matters, both contentious and advisory, with regular mandates including regulatory investigations, breach responses, and post-incident disputes. AI has been an area of particular growth, with the practice seeing increasing instructions from notable names across the breadth of sectors.

Responsables de la pratique:

Jane Finlayson-Brown; Nigel Parker; Ffion Flockhart; Charlie Weston-Simons


Autres avocats clés:

Alex Shandro; Steve Hadwin; Karishma Brahmbhatt


Les références

‘I appreciate that the team can provide strategic advice. They are really up-to-date with the latest regulatory developments.’

‘Jane Finlayson-Brown really stands out in the team with her practical advice.’

‘Jane Finlayson-Brown is approachable and available and always gives sound advice.’

Principaux clients

Four Seasons Hotels & Resorts


Robinhood


Experian


Sage


Nikon


News UK


Moonpig


IMI Precision Engineering


Nokia


Samsung


Baker McKenzie

The data protection, privacy and information security team at Baker McKenzie is recommended by clients as ‘terrific to work with‘ and is highly regarded for its ability to ‘provide risk-thoughtful advice‘. Vinod Bange helms the group, closely supported by Julia Wilson, who specialises in mandates straddling the employment and data spheres, and ‘subject matter expertJohn McGovern. AI and other emerging technologies have been keeping the practice busy of late, as have cybersecurity incidents. On the contentious side, ICO investigations are a regular source of work.

Responsables de la pratique:

Vinod Bange


Autres avocats clés:

Julia Wilson; John McGovern; Helen Davenport


Les références

‘I have worked closely with John McGovern over the past year. His areas of coverage relate to some of the most legally complex and high profile UK/EU privacy and regulatory challenges currently being considered by market leaders. Advising in this area necessitates the application of GDPR to cutting edge technology combined with a requirement to be highly skilled in detailed advice. John is a subject matter expert at this.’

‘John McGovern has been indispensable to my company over the past year. When brought onto a new matter, he quickly reads in to understand our technology, products and processes in order to be able to understand the issues and advise the business effectively.’

‘John McGovern is efficient, pragmatic and superbly responsive. His extensive knowledge and expertise in his field, coupled with his collaborative nature, make him a joy to work with.’

Clifford Chance LLP

At Clifford Chance LLP, a cross-practice group of specialists brings expertise to the gamut of data protection and cybersecurity issues, resulting in ‘an incredible unit of highly-motivated and skilled lawyers, from partners down to junior associates‘. Jonathan Kewley acts as the department’s global co-head, bringing his extensive expertise in data compliance issues to the role. Samantha Ward and Kate Scott are the key names for contentious matters, including regulatory investigations, while Herbert Swaniker stands out on the advisory front, and regularly assists with data transfer strategies and issues concerning emerging technologies.

Responsables de la pratique:

Jonathan Kewley


Autres avocats clés:

Herbert Swaniker; Kate Scott; Samantha Ward; Claudia Hall


Les références

‘In terms of both quality and depth of availability, Clifford Chance have built an incredible unit of highly-motivated and skilled lawyers, from partners down to junior associates.’

‘For premium clients and high-value matters there are few better teams, both in terms of building compliance programmes from scratch and dealing with complex novel issues.’

‘Jonathan Kewley is a superstar. He combines strong legal knowledge with exceptional business sense and is highly regarded by clients and colleagues alike.’

Principaux clients

Admiral


Bullish


CVC


EY


FIA


HSBC


M&G


Nedbank


Permira


PNC


Swiss Re


Viatris


CNC Group


Cerberus


Deliverect


Golden Goose


MHR


Nordea


Partners Group


SS&C


News Group Newspapers


Principaux dossiers


  • Advising a US-headquartered technology company on a range of global data law issues.
  • Advising a major global automotive company on a range of data protection, privacy and technology transformation projects.
  • Advising a global healthcare company on various data protection and cybersecurity matters.

CMS

CMS fields a ‘great bench depth of skilled advisors who can handle any task‘. Emma Burnett leads the data protection team, and is seen as a go-to advisor by household names spanning the retail, technology and media sectors. The group is particularly well regarded for its ‘deep knowledge and expertise in the field of cybersecurity‘, and is regularly instructed following breaches and other incidents. Other areas of activity include the data aspects of M&A deals and, more recently, innovative AI projects.

Responsables de la pratique:

Emma Burnett


Autres avocats clés:

Duncan Turner


Les références

‘They were thorough, responsive and available to us at all times.’

‘Great bench depth of skilled advisors who can handle any task.’

‘The practice work incredibly hard to understand our business and our specific needs.’

Principaux dossiers


  • Advising a large international development organisation on the data protection impacts of various digital economy projects in developing nations.
  • Advising a global technology company on its innovative AI-driven healthcare system and its introduction into the UK market.
  • Advising a major global retailer on various aspects of its data protection compliance strategy for its international marketplace platform.

DLA Piper

DLA Piper works with a host of leading domestic and international clients on a range of complex mandates, including data breaches, privacy litigation and multijurisdictional compliance, and enforcement matters. The pratice is chaired by Ross McKean, a highly experienced partner who serves as a key port of call to some of the firm’s most high-profile clients. Simon Persoff – who rejoined the practice in September 2024 – is noted for his focus on the financial services, insurance, life sciences, and technology sectors. Other key figures include contentious specialist David Cook; James Clark, recommended for his experience in life sciences, insurance, and government work; and Linzi Penman, whose recent focus areas include AdTech and app user journey issues.

Responsables de la pratique:

Ross McKean


Autres avocats clés:

Simon Persoff; David Cook; James Clark; Linzi Penman


Eversheds Sutherland (International) LLP

Some of the largest technology, retail, financial services and life sciences businesses turn to Eversheds Sutherland (International) LLP, knowing that the team ‘understands the client well and tailors advice accordingly‘. The practice is well versed in AI, online safety, data and access issues which traverse data, competition, consumer and criminal law. Paula Barrett acts as the firm’s privacy, information and cybersecurity group lead for the UK, Europe, the Middle East, Africa, Latin America and Asia, as well as co-leading the global practice. Liz Fitzsimons is another key name, and is singled out as ‘a real expert in this area‘.

Responsables de la pratique:

Paula Barrett


Autres avocats clés:

Liz Fitzsimons; Philip James; Gayle McFarlane; Dave Hughes


Les références

‘The team has excellent expert knowledge and gives good practical advice. They understands the client well and tailors advice accordingly.’

‘Liz Fitzsimons is a real expert in this area and provides very practical advice based on a strong understanding of ICO practice etc.’

‘Experts in their field and also very pragmatic and commercial. Their advice is always realistic and their understanding of technology and the sectors is excellent.’

Principaux clients

Meta


Dyson


LHR Airports Ltd (Heathrow Airport)


Akamai


Thames Water Utilities Ltd


Specsavers


DWR Cymru Welsh Water


IATA


Keurig Dr Pepper


NEST Corporation


MicroStrategy


Kering Group


WC Bradley


National Grid


Telford & Wrekin Council


Ecclesiastical Insurance Office plc


South London Coroner


Fieldfisher

At Fieldfisher, Hazel Grant helms the technology and data practice, with a workload spanning compliance projects, international data transfers, binding corporate rules, data audits, and breach response. The group has wide-ranging sector expertise, and assists major names from fields as diverse as technology, financial services, retail and life sciences. Nuria Pastor is regularly instructed to act as an external data protection officer, while Renzo Marchini is a go-to contact for disputes relating to data. Summer 2023 was a time of growth at partner level for the team, with the promotion of Kirsten Whitfield, shortly followed by the arrival of Sarah Tedstone from Shoosmiths LLP.

Responsables de la pratique:

Hazel Grant


Autres avocats clés:

Nuria Pastor; Renzo Marchini; Leonie Power; Sarah Tedstone; Kirsten Whitfield


Principaux clients

TikTok/Bytedance


Citigroup


International Tennis Integrity Agency


Ancestry Ireland Unlimited


Intuit Inc. (and Mailchimp)


Deltatre Limited


The Incorporated Society of British Advertisers (ISBA)


Hasbro Inc.


Principaux dossiers


  • Advising TikTok/Bytedance on various data protection issues.
  • Instructed as external data protection officer for Intuit Inc and Mailchimp.
  • Advising Hasbro on marketing, advertising, adtech, and children’s personal data protection.

Latham & Watkins

The team at Latham & Watkins is seen by clients as ‘a pleasure to work with on high-profile, difficult matters‘, which regularly include incident response, privacy litigation and regulatory investigations and enforcement proceedings. London-based Gail Crawford co-chairs the firm’s global privacy and cybersecurity practice, an interdisciplinary group comprised of data and technology transactional specialists and experienced commercial litigators. On the contentious side, the ‘excellentIan Felstead is noted, while Fiona Maclean is recommended for relevant advisory work. James Lloyd is a key name for complex cybersecurity mandates.

Responsables de la pratique:

Gail Crawford


Autres avocats clés:

Ian Felstead; Danielle van der Merwe; James Lloyd; Fiona Maclean; Calum Docherty; Hayley Pizzey


Les références

‘The data protection and privacy team are a real standout team. They combine excellent data protection knowledge (with the latest up to the minute developments) with very insightful strategic and practical advice. A pleasure to work with on high-profile, difficult matters.’

‘The UK team is second to none in terms of giving strong, clear data protection advice on how to manage compliance and risks associated with UK GDPR.’

‘Latham & Watkins thinks about issues on a macro level and takes pragmatic positions.’

Principaux clients

Meta Platforms, Inc. and Meta Platforms Ireland Limited


AllianceBernstein


Yum! Brands, Inc.


Crunchbase


Vonage


New Era Cap


Tyra Biosciences, Inc.


Rimac Auto


Tyman plc


Battery Ventures / Skalar Analytical


Teleperformance


Emma Sleep UK Limited


Stifel Nicolaus Europe Limited


SAP SE


Thomson Reuters


Principaux dossiers


  • Representing Meta in a number of multi-jurisdictional regulatory investigations and inquiries regarding alleged data breaches and compliance with data protection laws.
  • Advised AllianceBernstein on the data protection aspects of the formation and operation of its joint venture with Societe Generale.

Norton Rose Fulbright

At Norton Rose Fulbright, Marcus Evans leads the firm’s European data protection, privacy and cybersecurity group, while Jonathan Ball co-heads the EMEA-wide cybersecurity practice. Lara White is another key senior contact, and is singled out by one client as ‘a leader in her field‘. The firm regularly assists with the various issues sparked by the roll-out of data intensive products across multiple jurisdictions, as well as advising on global compliance policies and procedures; praise is given for always providing ‘innovative, practical solutions‘. On the cybersecurity side, breach response is an area of strength.

Responsables de la pratique:

Marcus Evans; Jonathan Ball


Autres avocats clés:

Lara White; Shiv Daddar; Fiona Bundy-Clarke; Tim Jones; Katie Stephen


Les références

‘I have worked with the data protection team at Norton Rose Fulbright for many years and have always found them very client-centric, expert lawyers in their fields and collaborative.’

‘I have worked with Marcus Evans and Lara White for many years and found them very knowledgeable, responsive and commercially minded.’

‘Norton Rose Fulbright is a great law firm. They always deliver what you want from them, but they also suggest innovative, practical solutions. This means that the activity I have engaged them on ends up being more productive, effective and efficient than I had anticipated in my brief.’

Pinsent Masons LLP

Pinsent Masons LLP fields a broad and deep bench of ‘industry-aligned lawyers‘. Jonathan Kirsop leverages his experience as head of the firm’s global TMT practice to bear on a range of data-related issues; David Barker leads the data privacy and media disputes group, and is consequently the key name for contentious mandates; and David McIlwaine oversees the cybersecurity piece. Recently, there has been a significant uptick in instructions from notable players in the financial services sector, as well as major insurers. In team news, ‘experienced privacy professionalJaya Handa joined from Liberty Specialty Markets in July 2023.

Responsables de la pratique:

Jonathan Kirsop; David McIlwaine; David Barker


Autres avocats clés:

Stuart Davey; Kathryn Wynn; Jaya Handa


Les références

‘David Barker is exceptionally knowledgeable.’

‘Pinsent Masons have a full-service data protection advisory function with industry-aligned lawyers.’

‘Jaya Handa is an experienced privacy professional balancing both industry and law firm perspectives. Advice from Jaya is well considered, commercial and practical.’

Principaux clients

Dixons Carphone Warehouse


Google Group


DeepMind Technologies Limited


UK Finance


Barclays Bank plc


Tesco plc


Corporation Service Company (CSC)


Zurich Insurance plc


Cabinet Office


Pomvom UK Limited


Currys Retail Limited (formerly DSG Retail Ltd)


Morgan Sindall Group PLC


Government Digital Services, part of Cabinet Office


Principaux dossiers


  • Representing DeepMind Technologies Limited & Google UK Limited in a representative action brought on behalf of a purported class of around 1.6m individuals whose medical records were sent by the Royal Free London NHS Foundation Trust to DeepMind in connection with DeepMind’s provision of a service called Streams.
  • Representing Currys in a group action brought on behalf of 711 individuals seeking to recover damages for distress they claim to have suffered after their personal data was allegedly compromised during a cyber attack suffered by Currys in 2018.
  • Providing ongoing data protection advice to Barclays Bank.

Ashurst

At Ashurst, the team is particularly valued for its ‘strong grasp of the threat landscape and understanding of regulatory priorities‘. The workload spans both data advisory issues and breach response. Rhiannon Webster oversees the UK data privacy and cybersecurity group, with clients ranging from financial services companies to health providers. The relocation of digital economy practice co-head Amanda Ludlow from Brisbane to London in January 2024 served to further strengthen the partner bench on the ground.

Responsables de la pratique:

Rhiannon Webster


Autres avocats clés:

Amanda Ludlow; Shehana Cameron-Perera; Tom Brookes


Les références

‘The team is made up of highly skilled lawyers in the area of data protection who are easy to work with and offer informed and commercial advice.’

‘Rhiannon Webster has a deep understanding of the financial services sector, which means her advice is pragmatic and solutions focussed.’

‘The team is very knowledgeable and has strong experience in the sector. This enables them to swiftly grasp the essence of the issue and offer actionable and insightful advice.’

Principaux clients

Meta


Boldyn Networks


Department of Transport


East West Rail


Keolis Amey


McLaren Automotive


Pirum Systems Ltd.


Sage Group plc.


Shawbrook Bank


Jefferies


Principaux dossiers


  • Advising Meta on various issues relating to Reality Labs, a business and research unit of Meta Platforms which produces virtual reality and augmented reality hardware and software.
  • Supporting Sage with all data protection aspects of its financial services focussed software.
  • Advised Pure Health on its acquisition of the Circle Health Group.

DAC Beachcroft LLP

DAC Beachcroft LLP‘s data, privacy and cybersecurity team is regarded by clients as ‘a seemingly bottomless well of knowledge, expertise and practical solutions‘. On the advisory side, the group has particularly strong connections with the public, technology, real estate and financial services sectors; in the last of these spheres, Jade Kowalski, who co-leads the practice, is noted for her ‘excellent insurance industry knowledge‘. Kowalski’s counterpart, Hans Allnutt, ‘is held in high regard for his expertise in pioneering defences to large-scale data breaches‘, and this kind of incident response work is another key strength of the firm.

Responsables de la pratique:

Jade Kowalski; Hans Allnutt


Autres avocats clés:

Patrick Hill; Charlotte Halford; Darryn Hale; Astrid Hardy


Les références

‘Hans Allnutt is an eminent cyber and data protection specialist who is held in high regard for his expertise in pioneering defences to large-scale data breaches. His strategic judgment is second to none.’

‘Working with DAC Beachcroft feels like a real partnership. They’re an extension of our team who invest in and demonstrate understanding our company and what makes us different, including the particular challenges we face.’

‘A seemingly bottomless well of knowledge, expertise and practical solutions to the challenges we face when handling cyber and data risk exposures. The attention to detail whilst never losing sight of the overall and developing picture has helped us navigate challenges we had not experienced before.’

Principaux clients

Beamtree UK Limited


National Data Guardian


NHS England


Avis


Simplyhealth


Turner and Townsend


Ivolve (formerly Envivo Group)


Hiscox


Ecclesiastical Insurance


AXA UK


Intelliflo


Mental Health First Aid England


Institut Mérieux


Principaux dossiers


  • Instructed by Institut Mérieux to carry out due diligence on Oxford Biomedica (OXB), prior to the purchase of shares in OXB by the client.
  • Advised six law firms and three barristers’ chambers on the management of their risk of regulatory enforcement action by the ICO and the SRA and client legal claims following the hacking of their IT systems managed by Converge-IT.net Limited (CTS).
  • Produced a data framework for use by Simplyhealth in assessing the protection considerations which are relevant to new initiatives and propositions.

DWF

At DWF, practitioners ‘get off the fence and provide practical and pragmatic advice‘. In terms of senior contacts in the London office, the ‘pre-eminentStewart Room is the global head of the data protection and cybersecurity practice, while ‘formidable and pragmatic legal mind‘ James Drury-Smith oversees the UK-wide offering. Manchester-based JP Buckley acts as the regional group head. The firm is best known for handling data-related class actions, advising on incident responses, and representing clients in regulatory investigations. The team is also highly regarded for its ongoing close relationship with the ICO.

Responsables de la pratique:

Stewart Room; James Drury-Smith; JP Buckley


Autres avocats clés:

Tim Smith; Tughan Thuraisingam; Jamie Taylor


Les références

‘Knowledge and up to the minute intelligence in a very fast moving field.’

‘The team provide pragmatic, solution-focused and contextual advice. They genuinely collaborate with the client to get to the root of the issues and go the extra mile when delivering their services.’

‘Stewart Room – the leading lawyer in this area. Very knowledgeable, approachable and innovative. He is my go-to practitioner for strategic privacy advice.’

Principaux clients

Information Commissioner’s Office (ICO)


Meta (Facebook)


Visa Europe


Netflix


Virgin Media


Bolt


Abnormal Security


Tesco Mobile


Centrica


JD Sports


DHL


Lucozade Ribena Suntory


Yum Restaurant Services Group


Arch Insurance


Canopius


Checkout


StoneX Financial


GSM Association


Severn Trent Water


South Staffordshire Water


Principaux dossiers


  • Representing the Information Commissioner’s Office (ICO) in a number of regulatory enforcement cases.
  • Supporting Meta’s data protection office with various matters related to data protection risk management and its operating model.
  • Defending a global communications organisation against multiple enforcement actions brought by a data protection regulator in relation to the use of facial recognition technology and the collection of Covid-19 data.

Herbert Smith Freehills LLP

Herbert Smith Freehills LLP‘s inter-departmental, cross-sector team is valued by clients for providing assistance which is ‘valuable both technically and commercially‘. Miriam Everett acts as the firm’s global head of data and privacy, while Andrew Moir oversees the global cybersecurity and data security piece. Christine Young takes the lead on employment-related data protection issues. The firm’s expertise covers matters ranging from strategic regulatory compliance, through contentious and non-contentious data subject rights requests, responses to regulatory complaints and investigations, and incident response.

Responsables de la pratique:

Miriam Everett; Andrew Moir; Christine Young


Autres avocats clés:

Peter Dalton; Duc Tran; Siân McKinley


Les références

‘HSF is our main go-to firm for data privacy-related matters. Their legal advice has proven to be valuable both technically and commercially. They have been able to capture our risk appetite and ways of working and are able to create a business friendly output.’

‘What stands out for me is HSF’s ability to translate legal requirements into actual workable plans.’

‘HSF has a broad and diverse team with the ability to call upon experts from different fields and regions.’

Principaux clients

UK Finance


Hays plc


e-Mersion Media


KodyPay Limited


Willis Towers Watson


KPMG


bp


Invesco


GenesisCare


British American Tobacco


Hunton Andrews Kurth LLP

Hunton Andrews Kurth LLP advises many of the largest multinational companies on complex data protection and privacy issues, both in the UK and globally. There is close co-operation between the London and New York bases, with Sarah Pearce and Aaron Simpson taking on the leading roles in each, respectively. The London office is also home to the firm’s privacy and cybersecurity think tank, the Centre for Information Policy Leadership, of which Bojana Bellamy is the President. The group’s ‘absolute specialists‘ are well versed in breach response work, as well as the data aspects of transactions. Seasoned expert Rosemary Jay continues to play an active role.

Responsables de la pratique:

Sarah Pearce; Aaron Simpson; Bojana Bellamy


Autres avocats clés:

Rosemary Jay; Ashley Webber; James Henderson; Jonathan Wright


Les références

‘The firm is a much valued support providing knowledge and expertise to us in data protection and legal compliance. The are always respectful and reliable, providing timely support. The team also provide regular learning opportunities which are insightful and help us consider the impact of new legislation.’

‘I find the individuals we work with to be respectful and reliable. They have excellent subject matter knowledge and are able to offer insight to help determine the right course of action.’

‘Absolute specialists in data protection law and compliance, particularly in connection with global projects.’

Principaux clients

Brand Energy & Infrastructure Services, Inc.


Cybereason Inc.


Google


Paramount Global


Silver Lake Technology Management


Technology Coalition, Inc.


Tiffany & Co.


TJX Companies, Inc. / TK Maxx


TPG Global, LLC


Principaux dossiers


  • Advising a global provider of industrial and infrastructure services on privacy and data protection issues, including EU and UK privacy compliance.
  • Assisting Paramount Global with a wide range of privacy and data security issues.
  • Providing a major retail and consumer products client with global data protection and privacy advice, including on GDPR compliance.

Mishcon de Reya LLP

The ‘very capable‘ team at Mishcon de Reya LLP leverages the firm’s reputation in the litigious sphere to handle a breadth of contentious data matters, including investigations and class actions. Adam Rose heads up the data group, and receives frequent instruction from clients spread across the technology, gaming, real estate, publishing and broadcasting, financial services, and retail and leisure sectors. Senior adviser Jon Baines is a key non-lawyer contact. As a result of the merger with Taylor Vinters, the group’s partner bench was strengthened by the addition of specialists James Boyle and Ashley Williams.

Responsables de la pratique:

Adam Rose


Autres avocats clés:

Jon Baines; Stuart McMaster; Ashley Winton; James Boyle; Ashley Williams


Les références

‘The Mishcon data privacy team provides a unique combination of subject matter expertise with clear and practical advice. The team has taken the time to know and understand our business, which makes them significantly more effective in bringing the right advice to the particular issue at hand.’

‘We have been working with James Boyle for some time and he is great to work with. Deeply knowledgeable on the subject of data protection and privacy, but also pragmatic and able to communicate with staff at a range of levels.’

‘Mishcon have a very capable data protection team with good experience across a variety of sectors.They also understand the intersection between data and other types of regulations. They provide excellent quality advice which factors in commercial and other factors.’

Principaux clients

Criminal Bar Association


Campus Crusade for Christ (“CRU”)


Public Law Project


Accurx Ltd


Milwaukee Electric Tool Corp


RealVNC


Localised, Inc.


Evelyn Partners


Principaux dossiers


  • Acting for an individual who has filed a claim against HMRC for breach of her data protection rights.
  • Advising the Criminal Bar Association on whether court staff being instructed to name all barristers who did not attend hearings because they were participating in the CBA’s Days of Action amounted to unlawful processing of personal data.
  • Instructed by class representative on behalf of a class of 1.6m individuals in a case which concerns the unlawful transfer of confidential medical records to Google and DeepMind without the knowledge or consent of the individuals concerned.

Morrison Foerster

Morrison Foerster‘s London office plays a key role in the firm’s global privacy and data security practice, with Annabel Gillham, who offers a ‘very sensible and pragmatic approach to problem solving‘, taking the lead on the ground. The team regularly designs and develops UK and global compliance programmes; advises on evolving areas of data protection law, including most recently children’s privacy and AI; responds to cross-border data breaches and investigations; and represents clients in related claims. Mercedes Samavi and Dan Alam are also key contacts.

Responsables de la pratique:

Annabel Gillham


Autres avocats clés:

Mercedes Samavi; Dan Alam; James McDevitt


Les références

‘The team is a well-resourced privacy and data team with real expertise and sound judgement.’

‘Annabel Gillham is really on the ball and a very user-friendly partner, with a very sensible and pragmatic approach to problem solving.’

‘The team are truly global and yet there is real individual attention and advice from each partner, associate, counsel when we reach out. I don’t feel passed from pillar to post to get the advice that I need.’

Principaux clients

Alpine Investors


Amazon


Arm


Capital One


Fujitsu


Kyowa Kirin


Marriott


OpenAI


Oracle


Pfizer


Prudential


SoftBank


Twitch


Unisys


Osborne Clarke LLP

The data protection and cybersecurity team at Osborne Clarke LLPbrings a lot of practical and pragmatic experience to the table‘, with expertise ranging from provision of strategic regulatory advice, to assistance with issues concerning developing technologies, such as AI. Mark Taylor provides a ‘calm, pragmatic and insightful‘ hand at the tiller. On the contentious side, Charlie Wedin and Ashley Hurst are the key senior contacts. Recently-promoted partner Georgina Grahamgets straight to the heart of an issue and knows how to offer a solution‘.

Responsables de la pratique:

Mark Taylor


Autres avocats clés:

Charlie Wedin; Ben Dunham; Jonathan McDonald; Georgina Graham; Ashley Hurst


Les références

‘The team is very diverse and brings a lot of practical and pragmatic experience to the table. Very approachable, no legal jargon and just lovely to work with.’

‘Georgina Graham is a breath of fresh air in the legal field. She gets straight to the heart of an issue and knows how to offer a solution.’

‘Mark Taylor is a wonderful lawyer. He is the person I want on the end of the phone when I have a tricky data protection problem. He considers everything in the round and is fully attuned to the need to find pragmatic and scaleable solutions.’

‘The OC team is practical, approachable, commercial and great value for money. They take the time to really understand their clients, focus on what really matters for them and delivers consistent and well-rounded advice every time.’

‘Georgina Graham is very passionate about everything she does, providing an optimistic, commercial and well-rounded set of advice, tailored to our risk tolerance and business drivers. She is diligent, clear and genuinely cares about achieving a great outcome for all concerned. I would highly recommend her.’

‘The team are responsive, intelligent, knowledgeable on all areas of data protection and privacy and advise clearly on complex issues.’

‘Ben Dunham has exceptional knowledge in this field and is able to advise clearly on very complex issues.’

‘Mark Taylor clearly has a strong background in data protection law and he pulls on his experience to provide quick practical advice that reflects the sector he advises on. He is calm, pragmatic and insightful.’

Principaux clients

Dynamo FL


Ericsson


InfraRed Capital


Jollyes


M&G


Oxford Biomedica


Police Federation of England & Wales


Volta


X.ai


Principaux dossiers


  • Representing the Police Federation of England & Wales in litigation relating to a ransomware attack which affected its IT systems in March 2019.
  • Assisting Ericsson with its application for the new UK Binding Corporate Rules Addendum.
  • Assisted DynamoFL in the UK, EU and China with the assessment of its vertical federated machine learning solution for data protection compliance to facilitate the licensing of this system to its end user customers.

Reed Smith LLP

Reed Smith LLP is valued by clients particularly for its ‘supremely pragmatic and measured‘ approach to the gamut of data work, with the firm’s regular caseload ranging from breach response, to compliance advice, to post-M&A assistance. The multi-disciplinary practice group comprises experts predominantly from the firm’s intellectual property, technology, media and litigation departments. Elle Todd is a senior name to note for regulatory investigations, while Carolyn Pepper is recommended for her disputes focus. Cynthia O’Donoghue and Philip Thomas round out the roster of key practitioners, with both demonstrating considerable know-how in international data transfers.

Responsables de la pratique:

Cynthia O’Donoghue; Elle Todd


Autres avocats clés:

Philip Thomas; Carolyn Pepper


Les références

‘Highly knowledgeable and excellent in their ability to apply legal advice to specific commercial situations to give definitive, practical guidance to clients.’

‘Elle Todd is exceptional in her knowledge, practical approach, awareness of commercial considerations in all the guidance and advice she provides.’

‘Supremely pragmatic and measured, realistic. They focus on the right things.’

RPC

RPC fields a specialised data protection and privacy offering comprising dedicated expert groups, under the overall leadership of technology practice head David Cran. Relevant disputes work is overseen by ‘able, urbane lawyerRupert Cowper-Coles. ‘Really respected figure in the industryRichard Breavington helms the cybersecurity side. Jon Bartley leads on advisory issues, including transactional support. In team news, January 2024 saw the arrival of Lindsay Warwick from an in-house position at Associated Newspapers Limited; her arrival further strengthened the firm’s already-recognised capabilities in the media-related data litigation space.

Responsables de la pratique:

Jon Bartley; Richard Breavington; Rupert Cowper-Coles; David Cran


Autres avocats clés:

Oliver Bray; Joe Lippitt; Alex Wilson; Nadia Tymkiw; Lindsay Warwick; Richard Breavington


Les références

‘Very knowledgeable and approachable.’

‘Always accommodating and calm in a crisis.’

‘Highly experienced team with a strong market position.’

Principaux clients

Meta


Google


News UK


BBC


Frasers Group


Associated Newspapers


Times Newspapers Limited


Reach (formerly Mirror Group)


techUK


Hiscox


QBE


CNA Hardy


Chubb


Warner Music Group


Principaux dossiers


  • Advising Warner Music on its data protection obligations in relation to hosting user content on a new service.
  • Representing the founder of Frasers Group in two separate subject access claims against HMRC and Morgan Stanley.

Stephenson Harwood

Clients are drawn to Stephenson Harwood‘s ability to ‘combine deep technical knowledge with business savvy in a way that provides unmatched value‘, and the firm consequently receives instructions from a plethora of high-profile industry leaders, particularly in the financial and professional services sectors. Data protection practice head Katie Hewsonlives and breathes her area of expertise‘. Michael Bywell is a key name for contentious work, including breach-related litigation, while Jenna Franklin is recommended for relevant transactional matters.

Responsables de la pratique:

Katie Hewson


Autres avocats clés:

Michael Bywell; Jenna Franklin; Sarah O’Brien


Les références

‘The team’s practical, actionable advice makes them unique – they combine deep technical knowledge with business savvy in a way that provides unmatched value to their clients.’

‘Katie Hewson is smart, thoughtful and always comes with a point of view on the most cutting-edge issues. Her insights and practical approach are unmatched, all the while being a pleasure to work with!’

‘They take the time to understand the business, industry and service offering and deliver a bespoke service for each and every engagement. The output is always top quality and the team are a delight to work with.’

Principaux clients

Neuberger Berman Europe Limited


Principaux dossiers


  • Advising NB on all aspects of its data protection activities.

Taylor Wessing LLP

Taylor Wessing LLP‘s team has a ‘practical, real world and actionable‘ approach to mandates ranging from data compliance advice to breach preparedness and response. The firm’s clients run the gamut, from technology pioneers, early stage companies and fast-growing scale-ups, to well-established global players undergoing digital transformation changes. Christopher Jeffery leverages his position as co-head of the international US group to cater to key venture capital-backed businesses looking to expand internationally. Newly-promoted partner Michael Yates, Jo Joyce and Ed Spencer jointly oversee the dedicated cybersecurity offering. Victoria Hordern rounds out the roster of key contacts.

Responsables de la pratique:

Christopher Jeffery; Victoria Hordern


Autres avocats clés:

Michael Yates; Jo Joyce; Ed Spencer


Les références

‘The team is at the cutting edge of this developing area of law and collaborates well with other specialists across the firm.’

‘Michael Yates has real expertise in this area combined with broad experience of media and information law. Very client friendly and a good communicator.’

‘They provided clear, practical advice to address a somewhat novel issue. They worked in a cost-sensitive way. They were highly responsive.’

Principaux clients

IGG


Klarna


Creative Lynx Limited


Revantage


edyn Group


Principaux dossiers


  • Advising Klarna on privacy considerations ahead of the creation of a UK entity for consumer engagement as a result of changes post-Brexit.
  • Assisting a number of pension schemes with matters including data privacy reviews, breach preparedness plans, and trustee set-up compliance and data breach simulation exercises.
  • Advised Havas Lynx on the data protection and privacy compliance requirements for its clinical trials recruitment platform roll-out for certain trials in several countries.

White & Case LLP

Tim Hickman heads up both the local and global data, privacy and cybersecurity practices at White & Case LLP, leveraging this position to ‘coordinate efficiently with other countries’ colleagues‘ and provide a seamless international approach to data mandates. The firm has core strengths across the advisory, regulatory, transactional and litigious spheres. John Timmonsalways finds practical and commercially attractive solutions‘, and regularly handles cybersecurity matters, including both compliance and breach response.

Responsables de la pratique:

Tim Hickman


Autres avocats clés:

Rory Hishon; John Timmons; Jenna Rennie


Les références

‘Demonstrate aptitude in their areas of speciality.’

‘Tim Hickman knows his stuff, seems to know every privacy law available.’

‘Tim Hickman knows the law and is commercially astute.’

Principaux clients

Meta


Nestlé


Vale


STC


AutoCruitment, LLC


Mercuri Urval


Deutsche Bank


Iberdrola


Avast


Bates Wells

Bates Wells is differentiated by its standout know-how in relation to the charity and not-for-profit sector – where Lawrence Simanowitz and Hannah Lyons are just some of the key contacts – and its expertise in matters relating to electoral data use. Practice head Eleonor Duhs, whom clients regard as being ‘amazingly experienced and well connected‘, is regularly involved with legislation drafting, and is consequently well placed to advise on emerging technologies, including AI.

Responsables de la pratique:

Eleonor Duhs


Autres avocats clés:

Lawrence Simanowitz; Rupert Earle; Hannah Lyons; Rayhaan Vankalwala


Les références

‘Excellent and timely data protection advice.’

‘Responsive, thorough, clever, and detail-oriented.’

‘Rayhaan Vankalwala is a top-notch data privacy expert. Exceptional service.’

Principaux clients

SOAS – Influencing the Corridors of Power Project


The Times Newspapers


Principaux dossiers


  • Providing briefings on data privacy and information law topics to SOAS in relation to its Influencing the Corridors of Power project.

BCL Solicitors LLP

Boutique firm BCL Solicitors LLPknows the intersection of business, regulation and criminal enforcement like no other‘, and brings this to bear on its data work, which predominantly focuses on investigatory powers and surveillance law. Team lead Michael Drury leverages his experience as the former legal director of GCHQ to offer clients ‘a level of legal and technical understanding that no one else comes close to‘. Julian Hayes is another key senior contact.

Responsables de la pratique:

Michael Drury


Autres avocats clés:

Julian Hayes; Richard Reichman


Les références

‘Julian Hayes is an all-rounder of a lawyer who is able to provide broad legal advice, particularly at the intersection of criminal law with data protection (and related areas), and combine this with a realistic and practical approach to client aims and goals. One who can see both the wood and the trees.’

‘Michael Drury is a delight to work with and his knowledge of cybersecurity is unrivalled.’

‘Michael Drury is immensely well connected, his background as head of legal at GCHQ gives him a level of legal and technical understanding that no one else comes close to.’

Bryan Cave Leighton Paisner

Bryan Cave Leighton Paisner‘s data privacy and security group provides ‘professional and insightful advice‘ to well-known players from a range of sectors, including financial services, media, real estate and technology. The practice is highly regarded for its expertise in assisting with data subject access requests, and has lately been involved with a large number of cross-border breach responses. Data compliance specialist Geraldine Scali further boosts the team. Former practice head Kate Brimsted has left the firm.

Autres avocats clés:

Geraldine Scali


Les références

‘The team are able to assist on all types of data subject access requests, from the practical aspects to detailed knowledge of the regulator’s approach. Overall a very useful team to be able to call upon.’

‘Geraldine Scali has a very pragmatic approach and provides sensible, helpful and practical advice.’

‘Geraldine Scali gives commercial and prompt advice.’

Principaux clients

Heathrow Airport


London Stock Exchange Group


Tesco


URW (owners of Westfield)


Royal College of Midwives


Estee Lauder


Worcester Warriors Rugby Club administrators (Begbies Traynor)


Lumen Technologies


AI Software LLC


Ness USA Inc


The Foschini Group Limited


PRS for Music Ltd


Phonographic Performance Limited


Principaux dossiers


  • Advising Lumen Technologies on the $1.8bn divestiture of its EMEA business, including its terrestrial and subsea networks, data centres and network equipment in the region, to London-headquartered Colt Technology Services.
  • Advising the trustees of a global bank’s pension fund on the impact on them and their members of the data security breach experienced by business process services provider Capita.
  • Advised a global commercial real estate services company on its self-certification with the EU-US Data Privacy Framework, including assisting with the drafting of all necessary documentation and procedures.

Charles Russell Speechlys LLP

Anchored within the firm’s wider commercial group, Charles Russell Speechlys LLP‘s data protection team draws on specialists from a range of departments, including employment and litigation, to provide a rounded offering. Janine Regan re-joined as practice head from Norton Rose Fulbright in May 2023, and now handles a workload ranging from global data protection compliance projects, to privacy impact and legitimate interests assessments, to international data transfers. Victor Mound, who joined from Bristows LLP in August 2023, provides key support.

Responsables de la pratique:

Janine Regan


Autres avocats clés:

Victor Mound


Les références

‘Very knowledgeable and experienced in data protection and privacy.’

‘Janine Regan is experienced and technically very good. Provides crisp, clear, practical advice with a good understanding of the client’s business.’

‘Victor Mound – proactive, providing thoughtful advice.’

Principaux clients

Marshmallow Financial Services


Conferma Limited


Maybourne Group


Impact Holdings Limited


Oncam Global Limited


Gulf Air


Formula E Operations Limited


Principaux dossiers


  • Advising Marshmallow on its compliance programmes, data subject access requests, data protection impact assessments and international data transfers.
  • Advising Maybourne Hotel Group on privacy statements and internal policies.
  • Advising Gulf Air on a range of data protection compliance matters.

Covington & Burling LLP

Covington & Burling LLP handles the full range of contentious and advisory data privacy and cybersecurity work, from compliance, through to policy and strategy, and breach response. The team is best known for its its regulatory expertise, which includes representing household name clients in investigations. In terms of sector specialisms, the pharmaceutical, biotech and medical devices industries are particular areas of focus. Mark Young leads the group, working closely with Lisa Peets.

Responsables de la pratique:

Mark Young


Autres avocats clés:

Lisa Peets


Principaux clients

AstraZeneca


Meta Platforms FKA Facebook


Bristol Myers Squibb


Business Software Alliance


Eli Lilly & Company


American Express


Viacom


Mayer Brown International LLP

Mayer Brown International LLP‘s cybersecurity and data privacy team provides ‘brilliant advice‘ on incidents and breaches, as well as compliance and governance issues. The firm’s expertise in the financial services sector ensures that the group is particularly well placed to assist major names from that space. Mark Prinsley and Oliver Yaros oversee much of the work, and the latter is singled out by one client for providing ‘effective, timely and intelligent support‘.

Responsables de la pratique:

Mark Prinsley


Autres avocats clés:

Oliver Yaros; Ondrej Hajda


Les références

‘The privacy and cybersecurity team at Mayer Brown is pro-active in reaching out to us about our specific projects and plans which helps keep us on track. They are highly responsive to any request and have a team with deep expertise so that they bring in the right person to assist us.’

‘Oliver Yaros is the partner we work with on UK and EU issues and overall global privacy compliance efforts. He brings a business sense to our compliance efforts.’

‘The Mayer Brown team have been excellent and understanding of our resource limitations. They communicate in a very effective and human way to bridge the gap between the different sectors that we operate in. The advice they have shared, and support to implement their suggestions, has been first class and we have made significant progress as a result.’

Principaux clients

Previse Limited


Andersen Tax LLC


Northern Trust


PwC


Cummins


Overmore Group


Bank of New York Mellon (BNYM)


HSBC


Corney & Barrow Group Limited


AXA XL


EMK Capital


Principaux dossiers


  • Advising private equity firm EMK Capital on the implementation of new data protection policies and procedures following its acquisition of a majority stake in online marketplace Bark.com.

Orrick, Herrington & Sutcliffe (UK) LLP

Orrick, Herrington & Sutcliffe (UK) LLP‘s cyber, privacy and data innovation practice handles a substantive workload comprising both contentious and advisory mandates, including investigations, incident response, enforcement action and relevant litigation, as well as compliance. The team includes Alex Sobolev, who is typically instructed by technology-led companies, and cybersecurity-focused Adele Harrison. Former practice head Kelly Hagedorn has left the firm.

Autres avocats clés:

Alex Sobolev; Adele Harrison


Principaux clients

Baidu, Inc


Deltek, Inc.


Fenix International Limited (d/b/a OnlyFans)


GOAT


JumpStart Games, Inc.


Juniper Networks


Microsoft Corporation


Squarespace Inc.


Technologies of Voice Interface Limited


Xiaomi


Principaux dossiers


  • Providing advice on a wide array of privacy and cybersecurity matters to W. W. Grainger.
  • Advised Squarespace on its agreement with Google to acquire assets associated with Google Domains.
  • Advising Fenix International Limited on an ongoing basis in connection with all UK regulatory and compliance matters.

Ropes & Gray LLP

Clients of Ropes & Gray LLP benefit from the London data, privacy and cybersecurity team’s close cross-Atlantic collaboration with colleagues in Washington DC. Compliance, advisory and enforcement matters relating to the collection, storage and processing of data all make up part of the regular practice, as, increasingly, does breach response work. ‘Great leaderRohan Massey helms the UK offering, closely supported by the ‘engaging, knowledgeable and well respectedEdward Machin.

Responsables de la pratique:

Rohan Massey


Autres avocats clés:

Edward Machin


Les références

‘Very personable, knowledgeable and commercial, and easy to work with.’

‘Rohan Massey – smart, capable and strategic.’

‘High quality team with great knowledge of data protection issues, challenges and solutions.’

Principaux clients

The Carlyle Group, L.P.


Bain Capital


HUTCHMED


Advent / Neilsen


Follicular Lymphoma Foundation


Areteia Therapeutics, Inc


WireCo WorldGroup Inc


Hologic Inc


GHO Capital Partners


Sequoia Capital Operations LLC


Audley Travel


MVF


Principaux dossiers


  • Advising Carlyle and its AlpInvest business to ensure its global data compliance program continues to meet GDPR and CCPA and other jurisdiction-specific requirements.
  • Advising Bain Capital on a project to monitor its portfolio companies’ compliance with laws relating to data privacy and cybersecurity.
  • Providing ongoing privacy, data protection and information security advice to HUTCHMED.

Shoosmiths LLP

The privacy and data team at Shoosmiths LLP is seen by its clients as ‘one of the best kept secrets in the London market‘. Practice head Sherif Malak is ‘beyond dedicated to his craft‘, and has a strong focus on mandates with a nexus to the technology sector. Many of the group’s practitioners receive regular instruction to act as external data protection officers, including Nick Holland and Hamish Corner. Lately, the department has been increasingly focusing on the contentious side of its data work.

Responsables de la pratique:

Sherif Malak


Autres avocats clés:

Matthew MacLachlan; Adam Fox; Nick Holland; Hamish Corner; Kate Brimsted


Les références

‘The team is highly skilled and capable with excellent global knowledge of privacy laws which is extremely useful.’

‘Very good client manner and able to easily adapt to circumstances.’

‘The Shoosmiths data privacy team, headed up by Sherif Malak, is one of the best kept secrets in the London market. Their quality of advice, pragmatism, and level of client-focus is unparalleled. They can advise on everything from DPAs up to complex binding corporate rule arrangements and huge CRM onboardings. I simply wouldn’t go anywhere else for data privacy advice.’

Principaux clients

Global Switch


Volkswagen Group UK


EG Group


Hilton Grand Vacations


Gopuff


Stonegate Pub Co


The White Company


Nissan Motor Co.


Sosei Heptares


Motorway


Close Brothers


Krispy Kreme


Charles Tyrwhitt


Principaux dossiers


  • Advised Stonegate Pub Company on all the data and privacy aspects of its launch of a new VIP digital loyalty platform app, which provides information about the group’s 850+ managed venues.
  • Instructed as lead global privacy counsel to Hilton Grand Vacations in relation to several data protection projects arising out of a demerger and acquisition.
  • Appointed as outsourced global data protection officer for EG Group.

Sidley Austin LLP

Sidley Austin LLP‘s data protection team in London forms an integral part of the firm’s global privacy and cybersecurity practice, and is particularly active on behalf of clients based across the UK and EU; William Long acts as co-chair of the international offering, as well as leading the UK and EU branch. The regulated industries, particularly life sciences and financial services, are key areas of focus. Francesca Blythe is singled out for her ‘pragmatic approach‘.

Responsables de la pratique:

William Long


Autres avocats clés:

Francesca Blythe


Les références

‘Francesca Blythe has a pragmatic approach to data privacy.’

‘The whole team has consistently high performers, never missed a deadline and always delivering excellent results.’

‘Francesca Blythe is able to understand our business quickly, apply the relevant data privacy laws to our situation and provide legal advice on a risk-based approach. She is personable and professional. She is always managing my expectations and keeps me updated if working on a longer project.’

Principaux clients

Canyon Partners


Accelerant


Recode


W.L.Gore


DaVita Inc.


Arcus Biosciences


H.I.G.


Pliant Therapeutics


ACRO


Alnylam


TLT

Fantastic and pragmatic‘ practice head Gareth Oldale oversees the data, privacy and cybersecurity offering at TLT. Recently, the group has been particularly focused on growing its client base in the financial services and public sectors, which are core areas of focus, and advising on both generative and more traditional AI projects. In team news, Louisa Williams was promoted to partner in May 2023, and Chris Elwell-Sutton joined the firm two months later from the Canadian Imperial Bank of Commerce, where he led the privacy programmes in the Europe and APAC regions.

Responsables de la pratique:

Gareth Oldale


Autres avocats clés:

Emma Erskine-Fox; Louisa Williams; Ed Hayes; Chris Elwell-Sutton


Les références

‘Gareth Oldale provides very effective advice and has good technical knowledge.’

‘Really pragmatic, excellent lawyers, partner with you to find a solution not just the legal answer.’

‘Louisa Williams is a fantastic lawyer, really pragmatic.’

Principaux clients

Department for Science, Innovation and Technology


Information Commissioner’s Office


Police Digital Service


Metropolitan Police Service


Government Legal Department


TSB Bank Plc


NatWest Group Plc


Monzo Bank


Financial Reporting Council


Canadian Imperial Bank of Commerce


American Express


UK Health Security Agency (UKHSA)


Zencity Technologies Limited


University College London


University of Warwick


Sainsbury’s


BGL Group Limited (CompareTheMarket)


Imperial Brands plc


Kent Police & Essex Police


Savills


Financial Conduct Authority


Principaux dossiers


  • Providing ongoing support to University College London’s data protection and freedom of information team.
  • Instructed as the statutory Data Protection Officer for the Financial Reporting Council.
  • Advising TSB on the bank’s Schrems II remediation project with a range of suppliers, to incorporate the latest EU Standard Contractual Clauses and UK International Data Transfer Addendum.

Travers Smith LLP

Travers Smith LLP‘s technology and commercial transactions team, helmed by Dan Reavill, advises a wide-ranging roster of notable clients on all aspects of their data protection compliance, including sharing arrangements and impact assessments. Cross-border data transfers are a particular area of expertise, and are regularly handled by experienced practitioner Louisa Chambers. James Longster and Sarah Robinson are singled out as ‘experts in their field‘.

Responsables de la pratique:

Dan Reavill


Autres avocats clés:

Louisa Chambers; James Longster; Sarah Robinson


Les références

‘Travers Smith is extremely responsive, practical and well versed in the subject matter.’

‘Both James Longster and Sarah Robinson are experts in their field and are fantastic to work with.’

Principaux clients

NatWest Group plc


Samsung Electronics UK Limited


Pay.UK


Ohme Operations UK Limited


Groupon Inc


JUSTICE


Foley Hoag LLP / Google LLC


Bain Capital LLC


Euroclear


John Whitgift Foundation


MGN Pension Trustees Ltd (Mirror Group Newspapers)


Thensia


Fundsmith


Helsing


Pemberton Asset Management S.A.


Principaux dossiers


  • Conducting an independent investigation into bank account closures by Coutts on behalf of Natwest Group, with a focus on any potential breaches of UK data protection legislation.
  • Advising Samsung on compliance issues presented by the data-sharing obligations under the new EU Data Act.
  • Advising Pay.UK on the design and implementation of its new payments architecture.

Wiggin LLP

The practitioners at Wiggin LLP are valued particularly for their ‘real sector expertise in betting and gaming which they can bring to bear on a case‘; industry giant consequently instruct the firm to advise on the gamut of data protection issues. Lately, matters regarding the Children’s Code and AI have become particularly prominent among the team's workload. Patrick Rennie oversees the group, and ‘knows how to steer the ship‘. The ‘incredibly brightChristina Henry is another key contact.

Responsables de la pratique:

Patrick Rennie


Autres avocats clés:

Christina Henry; Siobhan Lewis


Les références

‘A team with real sector expertise in betting and gaming which they can bring to bear on a case, as well as their ability to get to know all aspects of a client’s business.’

‘Patrick Rennie – a partner who knows how to steer the ship: when to zoom in; when to delegate; and when to utilise counsel. His own broad skill-set enables him to make the best use of those around him within the team.’

‘Patrick Rennie is always on-hand to provide sound data protection advice through a commercial lens. Having worked with him for a number of years, he has a solid understanding of our business and strategic drivers and the industry within which we operate and it this breadth and depth of knowledge of not only data protection law, but also our business and the wider industry, which makes Patrick’s advice so valuable.’

Principaux clients

NotOnTheHighStreet


Scopely


Wargaming


Starbreeze


Riot Games


SYBO


Warner Bros Discovery


Paramount


DAZN


Virgin Media


Centaur Media


Sky Betting and Gaming


William Hill


Playtech


Bally’s


Xplor Technologies


Principaux dossiers


  • Assisted Virgin Media with the launch of FAST Channels, advising on issues related to targeted advertising.
  • Advising Wargaming Group on its Children’s Code compliance.
  • Appointed as the Data Protection Officer for Centaur Media.

Womble Bond Dickinson (UK) LLP

Harnessing its expertise in the financial services, retail and hospitality, technology, and energy sectors, Womble Bond Dickinson (UK) LLP‘s data team handles a breadth of contentious and advisory work on the instruction of household name clients from these fields. The firm has a strong regional presence, with key team members including Southampton-based Andrew Kimble, compliance guru Sarah Daun in Newcastle, and the ‘dynamic and responsiveKatie Simmonds in the London office.

Responsables de la pratique:

Andy Kimble


Autres avocats clés:

Andrew Parsons; Sarah Daun; Katie Simmonds


Les références

‘In-depth knowledge combined with energy and responsiveness.’

‘Katie Simmonds is knowledgeable, dynamic and responsive.’

Principaux clients

Centrica (including British Gas Trading)


AIG


Quilter plc


Liverpool Victoria Friendly Society (LV=)


Blackbaud


B&Q


Principaux dossiers


  • Advised Centrica, as part of strategic transformation programmes across British Gas, on issues relating to field workforce technology platforms, metering and supply chain operations.
  • Advising US-based Blackbaud on its response to a data breach involving the hacking of its customer databases and accessing the records of individuals globally.

Clyde & Co

At Clyde & Co, there is a concerted focus on cybersecurity, and the firm is well placed to handle issues from strategy to breach; the London office is home to both Ian Birdsey, who co-leads the global practice, and Helen Bourne, who helped to develop the UK-wide offering. On the data-related commercial and compliance side, Mark Williamson is the key senior contact.

Responsables de la pratique:

Mark Williamson; Ian Birdsey; Helen Bourne


Autres avocats clés:

Tom Tippett; Seaton Gordon; Rosehana Amin; Madeleine Shanks


Principaux clients

UCL


B&Q


Cooley (UK) LLP

Cooley (UK) LLP is well versed in the full range of cybersecurity, data and privacy mandates; compliance advice, regulatory investigations, breach response and related litigation all form part of the regular workload. Guadalupe Sampedro leads the team in London, working closely with colleagues in New York, Washington DC and Brussels. In terms of sector-specific expertise, the firm is best known for its knowledge of the life sciences, financial services and technology industries.

Responsables de la pratique:

Guadalupe Sampedro


Autres avocats clés:

Ann Bevitt; Daniel Millard


Les références

‘Guadalupe Sampedro and Daniel Millard are exceptional. They provide strategic, risk-based guidance that is tailored to industry practice and company risk appetite. They are solution driven and creative problem solvers. I learn a tremendous amount from them and deeply enjoy working with them.’

Principaux clients

eBay, Inc.


Colt Technology Services


Telesign


Principaux dossiers


  • Advising eBay on a wide range of data protection matters relevant to its payments business globally.
  • Supporting Colt’s ongoing privacy matters globally, including assisting with approval of UK BCRs, and implementation of EU BCRs.
  • Advising TeleSign on a wide-ranging GDPR compliance programme.

Digiphile Services Limited

Data protection, AI and digital regulation boutique Digiphile Services Limited was founded in January 2023 by ‘privacy legendPhil Lee, and the new outfit ‘while small, packs a punch‘. The firm has rapidly built up an impressive client base, particularly in terms of notable global technology players. International data transfers, online profiling and AI are just some of the current areas of focus.

Responsables de la pratique:

Phil Lee


Autres avocats clés:

Michael Brown; Marco Piana


Les références

‘I really appreciate the valuable insights and expertise that the Digiphile team brings to the table regarding data privacy and AI. Their exceptional skills truly set them apart in the market and rival the abilities of other top-tier law firms. I appreciate their reliability and promptness in responding and that the advice is always tailored to our specific business needs.’

‘Phil Lee is an exceptional expert on data privacy, with an in-depth understanding of AI legal intricacies. It’s truly enjoyable to collaborate with him.’

‘Marco Piana and Michael Brown are always providing clear guidance and valuable advice. Really impressed by how they met all the deadlines and their involvement.’

Principaux clients

Advanced Business Software and Solutions


Allegis Group


Cloudflare


Expedia


Hunter Douglas


Informa Group


Notion


Zendesk


Principaux dossiers


  • Advised Advanced Business Software and Solutions on data protection considerations relating to the integration of generative AI into customer-facing enterprise SaaS products.
  • Advising Hunter Douglas on its global data protection policy framework.
  • Advised Notion on its successful EU-US Data Privacy Framework certification for EU data transfers.

Farrer & Co

Farrer & Co‘s data protection and information law practice, helmed by Henry Sainty, encompasses both a disputes and a commercial advisory team, ensuring that the firm has ‘an expansive stance when supporting clients‘. The litigious side is overseen by ‘deeply experienced data privacy practitionerIan De Freitas. In terms of non-contentious work, international data transfers, processing agreements and governance issues are all regularly handled.

Responsables de la pratique:

Henry Sainty


Autres avocats clés:

Alan Baker; Owen O’Rorke; Ian De Freitas; David Morgan; Jeremy Isaacson; Tom Rudkin


Les références

‘Farrers have an expansive stance when supporting clients looking at data security and privacy.’

‘Ian De Freitas is of course a deeply experienced data privacy practitioner, who combines his natural passion for and talent in his discipline with a calm and authoritative manner that inspires confidence from the start and which remains vital as the relationship develops and things inevitably become challenging over time.’

‘Great team and really enjoy working with them.’

Goodwin

Clients of Goodwinget white glove service from highly intelligent professionals’, with services ranging from transaction-related advice and incident preparedness assistance, to defence of class actions and regulatory enforcement actions. Gretchen Scott, who was one of the forces behind the establishment of the privacy and cybersecurity department, is instructed by a broad roster of notable names, and has extensive expertise in both UK and EU data issues.

Responsables de la pratique:

Gretchen Scott


Autres avocats clés:

Curtis McCluskey; Josephine Jay


Les références

‘The team is very knowledgeable, pragmatic, professional, business minded. And also great to work with!’

‘The individuals I’ve worked with are able to understand the situation very fast, and provide a solution-orientated approach.’

‘The team led by Gretchen Scott work well together. Deal with instructions promptly and reliably.’

Principaux clients

Transmit Security, Inc.


Luka, Inc. (“Replika”)


Inflection AI, Inc.


Hivemapper Inc.


Whoop, Inc.


Allurion Technologies, Inc.


Kidentify Pte Ltd (“k-ID”)


Accel


Loop Global Inc.


OpenstageIT Limited


Wayfair LLC (“Wayfair”)


Brilliant Worldwide, Inc.


Meta Platforms, Inc.


HubSpot, Inc.


Medidata Solutions, Inc.


Paperless Inc. (Paperless Post)


Eqlipse Technologies


Partiful Co.


Principaux dossiers


  • Advising Meta on the development of an EU-wide Code of Conduct for GDPR compliance.
  • Advised Luka on addressing data privacy concerns raised by The Italian Data Protection Authority following its urgent order to block AI-powered companion chatbot Replika.
  • Advised Inflection AI on GDPR and CCPA compliance status and AI regulatory considerations associated with the processing of personal data prior to the launch of its personal assistant chatbot.

Lewis Silkin

The team at Lewis Silkin has recently been renamed to reflect a growing focus on cybersecurity work, in addition to its more established data and privacy strengths; newly promoted partner Ali Vaziri is spearheading this area. The group is particularly well regarded by clients from the technology, financial services, retail and advertising sectors. Alexander Milner-Smith and Bryony Long jointly helm the department, while Tom Ford is a key name.

Responsables de la pratique:

Bryony Long; Alexander Milner-Smith


Autres avocats clés:

Ali Vaziri; Benjamin Favaro; Tom Ford


Les références

‘The team at Lewis Silkin is highly skilled and can bring expertise to any type of matter, no matter how complex. They have an ability to see the global issue as well as pinpointing the details that make all the difference.’

‘Alexander Milner-Smith is the expert when it comes to complex data protection and privacy issues. He is enthusiastic and very focussed with a hint of extravagance when needed. He is fast thinking and pragmatic so that matters are handled efficiently.’

‘Bryony Long – with her commercial and consumer background coupled to her sharp mind, she can focus on clients’ issues and provide solutions that are both sensible and cost effective.’

Principaux clients

Omnicom Group


Paramount


Daily Mail & General Trust (Associated Newspapers)


Britvic


Yahoo


Harvey Nichols


Lyst


Indeed


Fremantle


Principaux dossiers


  • Representing FremantleMedia in proceedings brought by a high-profile talent alleging infringement of their data protection rights and misuse of private information.
  • Advised Indeed UK Operations Limited when GovData sought a Norwich Pharmacal Order to force the client to unmask anonymous former employees who had been critical of GovData and its management on the website.

Mills & Reeve LLP

The team at Mills & Reeve LLP provides ‘excellent technical knowledge coupled with real-world commercial experience‘ which spans compliance advice, innovative technology, international data transfers, and security breaches. Jagvinder Singh Kang ‘remains at the top of his game‘, leading both the national and international practices. Helen Tringham is the name to note for contentious work.

Responsables de la pratique:

Jagvinder Singh Kang


Autres avocats clés:

Peter Wainman; Richard Sykes; Paul Knight; Helen Tringham


Les références

‘Excellent technical knowledge coupled with real-world commercial experience and approach ensures I receive advice which I can rely on as accurate but also tailored to reflect my industry sector and risk appetite.’

‘Jagvinder Singh Kang is a lawyer who remains at the top of his game. Practical and forthright whilst building and maintaining relationships with both clients and opposing lawyers –  this means he is very effective at getting the deals done.’

‘Jagvinder Singh Kang is a great lawyer.’

Principaux clients

Blackthorn.io, Inc.


Infront Sports & Media AG


European Cyber Conflict Research Incubator CIC


Money and Pensions Service


Domino Printing Sciences Plc


Department for Science, Innovation and Technology


British Council


Intellectual Property Office


Premia Solutions Limited


Trax


Otsuka Pharmaceutical Europe


MySense


Miles Partnership


Principaux dossiers


  • Advising the Money and Pensions Service on the national pensions dashboards programme.
  • Advised a major global manufacturer on implementing cybersecurity arrangements to safeguard personal data into its global manufacturing process.
  • Instructed as the UK GDPR representative for a NASDAQ-listed data analytics company.

Pillsbury Winthrop Shaw Pittman LLP

At Pillsbury Winthrop Shaw Pittman LLP, a change in leadership recently saw Steven Farmer promoted to co-chair of the firm’s global cybersecurity, data protection and privacy team, as well as leader of the UK and EU taskforce. The group is particularly well regarded for its data transfer expertise. Other areas of focus include digital health-related AI work, regulatory advice, and breach response.

Responsables de la pratique:

Steven Farmer


Autres avocats clés:

Scott Morton


Les références

‘Responsive team with deep expertise.’

Principaux clients

G.Network Communications


Morgan Stanley


PNC Bank


State Street Bank


Institute of International Finance


Victaulic


HM Electronics


Ntrepid


Cantina


Ingenio


Equities First


Carrot Fertility


Zedge


General Atomics


Boundless Learning


Juniper Square


Principaux dossiers


  • Advised Everi on its $6.2bn merger with International Game Technology’s Global Gaming and Play Digital Business to create a global gaming and fintech enterprise.
  • Advising Victaulic on its global privacy compliance programme on an ongoing basis.
  • Advising HM Electronics on the privacy implications of various AI product roll-outs.

Freeths LLP

Freeths LLP stands out for its equal spread of data protection work across the advisory and contentious spaces; in the former arena, strengths include assisting with international data transfers and sharing arrangements, while in the latter, the firm regularly handles disputes arising from data breaches. Luke Dixon chairs the department, with William Richmond-Coggan taking the lead on the litigious side.

Responsables de la pratique:

Luke Dixon


Autres avocats clés:

William Richmond-Coggan


Les références

‘The team at Freeths are “business solutions” driven. In other words, they don’t just understand the law, they get how businesses work. This is extremely important in the field of data protection and data governance.’

‘The practical application of data protection law in complex technology businesses is what makes William Richmond-Coggan stand out. His ability to connect the “data daisy chain” within a business means he can identify quickly potential data risks.’

‘ Well-resourced, readily available and always easy to talk to despite the complexities of the data protection world.’

Principaux clients

Aldi Stores Limited


Paymaster (1836) Limited t/a Equiniti


MHA


Rematch Credit Limited t/a DivideBuy


Pukka Pies


NG Bailey


Topps Tiles plc


Republic M! Group


Ideal Carehomes


Tarmac


Principaux dossiers


  • Advising Aldi UK on a wide range of data matters.
  • Represented Equiniti in a strike out application in connection with claims by 450 claimants alleging breaches of data protection law in relation to items of misdirected post.
  • Advised MHA on the data protection aspects of its re-branding and new website launch.

Gibson, Dunn & Crutcher

Gibson, Dunn & Crutcher is valued by clients for providing comprehensive advice on regulations and industry best practices. Joel Harrison co-chairs the privacy, cybersecurity and data innovation practice, leveraging ‘the most extraordinary knowledge of both technology and the law’ to do so. Robert Spano co-chairs the firm’s dedicated AI group. International data transfers, breaches and disputes are all areas of strength.

Responsables de la pratique:

Joel Harrison


Autres avocats clés:

Robert Spano


Les références

‘Extremely knowledgeable and helpful.’

‘Responsive and willing to take the time to understand the client’s actual needs.’

‘They are experts, and will not hesitate to tell you when they need more information in order to produce the best outcome.’

Principaux clients

WPP


SNOMED International


Gowling WLG

Gowling WLG‘s UK data protection and cybersecurity department is jointly headed up by Jocelyn Paulley and recent arrival Loretta Pugh, who joined from CMS. Recent highlights for the practice have ranged from assisting with relevant elements of transactions, to advising on direct marketing issues, to handling breach-related disputes.

Responsables de la pratique:

Jocelyn Paulley; Loretta Pugh


Autres avocats clés:

Patrick Arben


Les références

‘Very responsive and considerable expertise.’

‘Personal service.’

‘Patrick Arben – vast experience, dedicated service, clarity and accuracy of advice is exemplary.’

Principaux clients

Unilever UK Limited


Energy Systems Catapult Limited


Energy Networks Association


Transport for London


Finning Limited


RECCo (the Retail Energy Code Company)


The Norton Motorcycle Co Limited


Donna Ockenden Limited


Hyundai


The Universities and Colleges Admissions Service


Mazda Motors UK Limited and Mazda Europe GmbH


Principaux dossiers


  • Advised Transport for London on its arrangement with Google to record footage within TfL properties to add to StreetView.
  • Advised Norton Motorcycle Company on brand new data sharing agreements with its dealership network.
  • Advised Elexon on the nature of its role in implementing the market-wide half hourly settlement system and changes to the data protection clause in the Balancing and Settlement Code.

Harbottle & Lewis LLP

At Harbottle & Lewis LLP, Anita Bapat leads on the data protection and privacy side, while Emma Wright oversees the cybersecurity offering. The firm is particularly known for its expertise in the marketing, adtech and digital media fields, and is regularly instructed to advise on overlap with data issues; Sacha Wilson‘s cross-departmental advertising group takes on the bulk of such work.

Responsables de la pratique:

Anita Bapat; Emma Wright


Autres avocats clés:

Sacha Wilson; Amy Bradbury


Les références

‘They are humble and yet highly expert across so many jurisdictions! It’s incredible. They are thoughtful and clear about what they need from us to manage our sprawling organisation and always find an appropriate, simple-as-possible way to protect us.’

‘They’re thoughtful, friendly and a pleasure to work with.’

‘The team have a deep understanding of the adtech industry which has made them an invaluable partner. In addition, they provide practical and balanced advice.’

Principaux clients

Knight Frank


SEGA


Princess Yachts Limited


Phoebe Philo Limited


BCM One


Scriptic Limited


Nothing Tech


Principaux dossiers


  • Advising Princess Yachts on all aspects of data protection compliance.
  • Advising SEGA on data protection and technology projects.
  • Advising luxury fashion brand Phoebe Philo on all aspects of data protection compliance.

Kingsley Napley LLP

Kingsley Napley LLP is best known for its contentious focus, and this extends to the firm’s data protection and privacy offering, which is most lauded for its expertise in disputes and investigations, as well as representation of high-profile individuals in relation to their data rights. Emily Carter, noted for handling regulatory actions, and seasoned litigator Melanie Hart oversee the work.

Responsables de la pratique:

Emily Carter; Melanie Hart


Autres avocats clés:

Helen Morris; Adam Chapman; Ellie Fayle


Les références

‘Long established in the field of data protection, privacy and cybersecurity, the Kingsley Napley team has the experience, resources and client-base to take on the goliath data protection firms at a price which individuals and HNWIs can afford, yet with the approachability of a boutique form.’

‘Their data protection team is very well connected and regarded within the market, maintaining its profile with high-quality client work and prodigious thought-leadership output on cutting-edge issues in the field.’

‘Its forward-thinking approach makes it a magnet for staff recruitment and retention which will ensure it continues to go from strength to strength in coming years.’

Morgan, Lewis & Bockius UK LLP

Morgan, Lewis & Bockius UK LLP advises UK, European, and global companies on transactional data privacy requirements, cybersecurity issues and regulatory matters, including breaches and data sharing arrangements. Vishnu Shankar, who splits his time between the firm’s London and Brussels offices, is instrumental in ensuring close co-operation between the two hubs, and a consequent global approach to the work.

Responsables de la pratique:

Vishnu Shankar


Pritchetts Law

Boutique firm Pritchetts Law is seen by clients as being ‘genuinely unique in that it comprises individuals who are dedicated and are pre-eminent experts in this area of law‘. The team handles the gamut of data protection and cybersecurity issues, and has recently been increasing its focus on AI-related issues. Senior contacts Stephanie Pritchett and Ben Woottoncontinue to punch above their weight‘.

Responsables de la pratique:

Stephanie Pritchett; Ben Wootton


Les références

‘The team at Pritchetts Law is genuinely unique in that it comprises individuals who are dedicated and are pre-eminent experts in this area of law. Because of this focus, Pritchetts Law can bring their knowledge and experience to bear quickly, effectively and commercially, to the benefit of all their clients, no matter the size, complexity or duration of the legal challenge they face.’

‘Stephanie Pritchett is a lawyer, advisor and instructor beyond compare. Her precision, attention to detail and wisdom is second to none. Ben Wootton’s abilities complement these through his talent to deliver practical solutions that really ‘work’ in the context of commercial and operational reality. This combination enables them to actually deliver what competitors can only attempt to achieve; Stephanie and Ben continue to punch above their weight.’

‘Small-firm level of service with big-firm expertise.’

Principaux clients

Yeo Valley Farms (Production) Limited


The Ceuta group of companies


Northumbrian Water Group Limited


National Foundation for Educational Research


Nile UK Service Company Limited (t/as Telecom Infrastructure Partners)


The UPP group of companies


Link Maker Systems Limited


Synextra Limited


Mathys & Squire LLP


Sable International Group Limited


PDP Companies Limited


Make and Grow Limited (t/as Progression)


Vision33 Limited


Interactive Technology Corporation Limited


RE:GEN Group Limited


Principaux dossiers


  • Advising Ceuta Healthcare on its data protection compliance programme.
  • Advising Make & Grow, which uses AI systems to provide career development tools, on its master services agreement, privacy notices and end-user terms.
  • Advised Vision33 on the actions flowing from its data protection compliance audit programme.

PwC LLP

PwC LLP brings a ‘detailed understanding of complex privacy topics‘ to a cross-border roster of data protection mandates. Chris Cartmellleads this team in an excellent manner‘, and regularly assists with international data transfers and breach responses. Sarah Gee is a key contact for clients from the financial services, fintech and technology sectors.

Responsables de la pratique:

Chris Cartmell


Autres avocats clés:

Sarah Gee; Stephanie Baker; Orla Middlemiss; Lucas Saric


Les références

‘The sense of collaboration on the project made us feel confident they would deliver exceptionally well, and that was the case. They have the knowledge and work ethic required to deliver services with excellence.’

‘Detailed understanding of complex privacy topics, across multiple jurisdictions.’

‘Responsive, great at understanding our business and needs.’

Principaux clients

KFC Europe S.A.R.L.


Axon Enterprise, Inc.


Mott MacDonald Limited


Link Group Service Company Limited


Dubai Institute of Design and Innovation


Principaux dossiers


  • Assisted KFC Europe with a data protection compliance review and remediation exercise for KFC restaurants in Western Europe.
  • Advising Axon Enterprise on data protection and privacy issues in connection with its development and deployment of surveillance systems in multiple jurisdictions, as well as advising on engagements with governments and regulatory bodies.
  • Advising Mott MacDonald on a variety of data protection matters.

Sheridans

Under the leadership of ‘first classEitan Jankelewitz, the team at Sheridans advises on regulatory and strategic data issues, and related commercial considerations. Stefano Debolini is the key name for technology clients. Antonia Gold, who splits her time between the London and Berlin offices and is dual qualified in the two jurisdictions, provides significant cross-border expertise.

Responsables de la pratique:

Eitan Jankelewitz


Autres avocats clés:

Antonia Gold; Stefano Debolini


Les références

‘Pragmatic advisory and deep insights into technical and industry-specific matters.’

‘We deal primarily with Stefano Debolini. He is easygoing, commercially aware, informal in the right way, and well educated in our work.’

‘The team at Sheridans have been approachable, responsive, proactive and great to deal with.’

Principaux clients

AWIN AG


Live Nation Entertainment (aka Ticketmaster)


Internet Advertising Bureau UK (IAB UK) + Interactive Advertising Bureau US (IAB US) + IAB Technology Laboratory Inc (IAB TechLab)


AETN UK


Sumo Digital Limited


HackerOne


Stink Studios


Harlequin Foodball Club UK


Sport England


Fédération Internationale des Associations de Footballeurs Professionnels (FIFPro)


Sine Digital Limited


Impulse Innovations Ltd (t/c causaLens)


Urban Markets Limited (t/a Bricks & Logic)


Principaux dossiers


  • Advised FIFPro on its use of player data for support and representation of footballers and in commercial initiatives to help support lower and developing leagues.
  • Advised ESL FACEIT Group on its regulatory strategy for data analytics.
  • Advised AETN UK on the launch of its new Crime+Investigation Play SVOD channel.

Squire Patton Boggs

Squire Patton Boggs handles the gamut of regulatory, commercial and cybersecurity issues pertinent to data-driven clients, both domestic and international. As well as assisting with relevant issues surrounding transactions, the team regularly handles regulatory investigations and data disputes. David Naylor leads the UK-based data privacy, cybersecurity and digital assets group, as well as co-chairing the EMEA-wide practice.

Responsables de la pratique:

David Naylor


Autres avocats clés:

Victoria Leigh


Les références

‘Strong and commercial understanding of the law and client needs.’

Principaux clients

Aston Martin


Salesforce


Bacardi


Roche


Domino’s


The British Standards Institute


Viant Technology Inc (parent of Adelphic and Myspace)


Maximus Inc


DataCore


We Are Very Social


Tessian


Datasite


Wendy’s


Beauhurst


Principaux dossiers


  • Advising a major global luxury car manufacturer on all data privacy matters relating to the development and international launch of its new connected vehicles across more than 50 countries.
  • Advising a global manufacturing client on a multi-jurisdictional data breach.
  • Advising Tessian on all aspects of its data privacy regulatory compliance and on data-focused transactional matters.

Stevens & Bolton LLP

Stevens & Bolton LLP fields a ‘very knowledgeable team with broad expertise‘ across the data protection space. Practice head Beverley Flynn is particularly known for her work with retail, manufacturing, life sciences and energy clients, and her approach ‘is characterised by a thorough understanding of the sectors she advises on‘. The team’s recent highlights have included breach response, AI-related advice, and data transfers.

Responsables de la pratique:

Beverley Flynn


Autres avocats clés:

Charles Maurice; Gary Parnell


Les références

‘Great knowledge and a practical as well as legal approach to dealing with our data protection, privacy and cybersecurity matters.’

‘Beverley Flynn – great overall management at partner level.’

‘Large team with access to a wide amount of experience. Very impressed with their knowledge and efficiency.’

Principaux clients

Alarm


Aspects Beauty Company


BMD Infrastructure Services Ltd


EnergySys Ltd


Foodient Ltd (t/a Samsung Food)


Kia UK Ltd


Natures Way Foods


Papa John’s (GB) Ltd


Shell Pensioners’ Association


The Safeguarding Alliance Ltd


Principaux dossiers


  • Advising Papa John’s on its data protection strategy.
  • Advised a major Australian construction company on implementing appropriate data protection procedures as it expanded its operations to the UK.
  • Advising Alarm on data protection issues and new incoming UK and EU laws relating to cyber resilience and security.