In today’s interconnected world, data and information rights are crucial to businesses and individuals, and innovations in digital and communications technology have revolutionised how data and information is created, stored, processed and shared. In recent years, data protection law has undergone significant change, and the privacy rights of individuals have taken centre stage. Despite Brexit, the EU General Data Protection Regulation (GDPR) is retained in UK domestic law through the Data Protection Act 2018 (DPA), and businesses must be proactive in their assessment of their data protection practices, ensuring they are fully compliant with the law.
Individuals have enhanced rights to control their personal data, and those who are handling personal data have extensive obligations to ensure those rights are respected and protected. Failure to comply with those obligations means businesses risk reputational damage, loss of contract opportunities and the potential for significant fines.
Our expert team of data protection solicitors assists public, private and third sector businesses with all aspects of data protection law, including responding to data and cyber security incidents, reviewing or drafting procedures and policies, undertaking data audits and data mapping exercises, and advising on international data transfers, the deployment of big data technologies, and cyber security matters.
Data security and cyber incidents
Data security and cyber security incidents can take many forms and affect organisations of all shapes and sizes, whether public, private or third sector. Our lawyers can assist you in understanding whether your business has suffered a data or cyber breach, preparing the appropriate notification to the ICO (if required), and evaluating your organisation’s data security and governance measures to ensure you have the appropriate policies, procedures and training in place.
Policies and procedures
Preparation is the best defence to maintaining confidentiality, integrity and availability of data, and we can help you identify what policies, procedures and documentation your organisation needs. We can provide various types of tailored documentation, including legal basis flowcharts, privacy notice checklists and privacy notices, Appropriate Policy Documents, template Data Protection Impact Assessments (DPIAs), data protection policies and privacy standards, data subject rights procedures, personal data breach policies and procedures, document retention policies, guidance tools for determining parties’ roles, data processor checklists, cookie policies and more.
We can also provide your business with template contracts (whether a formal contract or an informal FAQ or protocol document), as well as review and update your existing contracts in line with data protection standards.
Data auditing and mapping
Our data protection solicitors can help you understand the flow of personal data within your organisation and implement any remedial actions to improve compliance. We regularly assist clients with auditing and data mapping exercises, including multi-jurisdictional audits, and can act as lead counsel when input is required from local solicitors, for example, to account for the derogations among EU member states.
International data transfers
Data protection legislation imposes conditions on data transfers to organisations located outside the UK, and the organisation transferring personal data should ensure that the transfer meets relevant legal requirements. MFMac routinely advises clients on the international aspects of data protection compliance, assisting both UK-based clients in relation to international data transfers and organisations outside the UK and EEA on compliance with data protection requirements in connection with their activities in the UK and the EEA. We can advise you on whether you need an EEA or UK-based representative, and what their responsibilities are under the relevant data protection regulations.
If your business needs guidance on data protection requirements in particular countries, we can assist you in obtaining that guidance through our global network of data protection experts.
Big data technology
Big data refers to high-volume, high-velocity and high-variety assets (data) which are processed by computing software using a variety of algorithms and artificial intelligence to produce specific data. There has been a significant increase in both the development and use of big data technology in recent years, particularly in the commercial sphere, including the public sector and healthcare, MedTech, life sciences and insurance sectors.
There are many legal implications for big data technologies, and MFMac advises organisations involved in the deployment of big data technologies or systems on compliance with data protection law, intellectual property law and competition law.
Cyber security and cyber crime
The law around the use of technology to conduct criminal activity has developed significantly in recent years, in part due to the volume and sophistication of crimes involving technology. The law concerning cyber security is also evolving into a very sophisticated framework of rules and regulations, which can be difficult to navigate.
Our team of data protection solicitors advises clients on compliance with the requirements to minimise the risk to their business, including cyber risk assessments and due diligence processes, incident response, contractual undertaking and transaction/project work.