Data protection

  • Overview

    Expert advice in relation to all aspects of data protection information governance, privacy, cyber liability and electronic communications.

    For many organisations information, data and especially personal data are critical to the success of their businesses. Both public and private sector organisations are collecting, holding and processing ever greater amounts of personal data, sensitive personal data and other data in the course of their day to day operations.  This valuable asset should be commercialised effectively and adequately protected.

    The UK Government is committed to upholding information rights in the public interest and protecting the privacy of individuals in respect of their personal data. In an increasingly regulated environment, organisations must be aware of their obligations under relevant legislation including the current Data Protection Act 1998, (the "DPA") and the forthcoming GDPR. The GDPR, with its more stringent rules and increased penalty regime (which may be linked to annual turnover) means that the importance of compliance will become more acute for all organisations.

    Breaches of the DPA and the forthcoming GDPR may lead to significant reputational damage for organisations. Additionally, the financial penalties that can be levied for breaches are becoming increasingly severe. Undoubtedly the future will entail an increase in the data protection compliance obligations of all organisations that collect, hold and/or process personal data as part of their operations (both home and abroad).

    Weightmans' expert team provides advice in respect of a full range of data protection and information governance related issues including:

    Data Protection and e-commerce issues

    • GDPR compliance audits
    • Access to and use of personal data
    • Cyber liability and security breach management
    • Data sharing and information sharing protocols
    • Data subject access requests
    • ICO investigations and litigation
    • Employment related issues
    • International data transfers
    • Social media and CCTV
    • E-marketing
    • Cookies and cookie policies

    We have a significant practice advising a wide variety of clients on data protection and information governance matters, ranging from sole traders to multinationals. We regularly advise major data providers on complex and technical issues in this area.

    We have particular experience advising insurance industry bodies on data issues including the set up of fraud detection services, such as databases holding detailed claims data. Recent examples include our advice provided to the Motor Insurers’ Bureau in relation to the MyLicence Project (a major data sharing project supported by the UK Government, DVLA and ABI).

    We regularly act for a wide variety of clients, both in the public and private sectors, ranging from retail businesses, to data providers, to insurers and insurance industry bodies, to healthcare providers, universities, police forces and local authorities, to providers of short term loans and automotive companies.


    Protecting personal data is key for us and we found that when working with Weightmans we were able to find watertight solutions to data protection questions in critical areas such as data sharing and data security. 
    Kaushik Patel, Head of Risk and Compliance, Motor Insurers' Bureau

    Main Contact
    Employers vicariously liable for data breach

    Employers could be vicariously liable for misusing employee’s data even if they had done all they reasonably could to prevent it.

    Martin Forshaw
    Martin Forshaw Partner
    GDPR: what to do when a data breach occurs

    The General Data Protection Regulation will introduce strict new reporting and record-keeping requirements in relation to data breaches.

    GDPR: Can we still rely on employee consent to process data?

    The implementation date for the General Data Protection Regulation (“GDPR”) is beginning to loom large on the horizon (25 May 2018).

    The NIS Directive and the potential for European Member State cooperation

    Imagine a massive cyber attack shutting down your fridge-freezer, immobilising your car and switching off your central heating.

    Mark Surguy
    Mark Surguy Partner

    Data Protection Update

    The implementation of the General Data Protection Regulation (GDPR) in May 2018 will bring changes.

    GDPR: are you ready?

    Data is the key asset of most businesses. It should be adequately protected. The forthcoming GDPR means that data 'big bang' is imminent.

    Sean Crotty
    Sean Crotty Partner

    Data on deals: what are your obligations?

    The ICO is tasked with ensuring compliance with the Data Protection Act. There are seven key principles governing the security of personal data.

    Robert Turnbull Consultant

    The Internet of Things – do the privacy risks outweigh the advantages?

    On 16 September 2014, the Article 29 Data Protection Working Party, adopted Opinion 8/2014 on Recent Developments on the Internet of Things.

    Sean Crotty
    Sean Crotty Partner

Share on Twitter