Data protection

  • Overview

    Expert advice in relation to all aspects of data protection information governance, privacy, cyber liability and electronic communications.

    For many organisations information, data and especially personal data are critical to the success of their businesses. Both public and private sector organisations are collecting, holding and processing ever greater amounts of personal data, sensitive personal data and other data in the course of their day to day operations.  This valuable asset should be commercialised effectively and adequately protected.

    The UK Government is committed to upholding information rights in the public interest and protecting the privacy of individuals in respect of their personal data. In an increasingly regulated environment, organisations must be aware of their obligations under relevant legislation including the current Data Protection Act 1998, (the "DPA") and the forthcoming GDPR. The GDPR, with its more stringent rules and increased penalty regime (which may be linked to annual turnover) means that the importance of compliance will become more acute for all organisations.

    Breaches of the DPA and the forthcoming GDPR may lead to significant reputational damage for organisations. Additionally, the financial penalties that can be levied for breaches are becoming increasingly severe. Undoubtedly the future will entail an increase in the data protection compliance obligations of all organisations that collect, hold and/or process personal data as part of their operations (both home and abroad).

    Weightmans' expert team provides advice in respect of a full range of data protection and information governance related issues including:

    Data Protection and e-commerce issues

    • GDPR compliance audits
    • Access to and use of personal data
    • Cyber liability and security breach management
    • Data sharing and information sharing protocols
    • Data subject access requests
    • ICO investigations and litigation
    • Employment related issues
    • International data transfers
    • Social media and CCTV
    • E-marketing
    • Cookies and cookie policies

    We have a significant practice advising a wide variety of clients on data protection and information governance matters, ranging from sole traders to multinationals. We regularly advise major data providers on complex and technical issues in this area.

    We have particular experience advising insurance industry bodies on data issues including the set up of fraud detection services, such as databases holding detailed claims data. Recent examples include our advice provided to the Motor Insurers’ Bureau in relation to the MyLicence Project (a major data sharing project supported by the UK Government, DVLA and ABI).

    We regularly act for a wide variety of clients, both in the public and private sectors, ranging from retail businesses, to data providers, to insurers and insurance industry bodies, to healthcare providers, universities, police forces and local authorities, to providers of short term loans and automotive companies.


    Protecting personal data is key for us and we found that when working with Weightmans we were able to find watertight solutions to data protection questions in critical areas such as data sharing and data security. 
    Kaushik Patel, Head of Risk and Compliance, Motor Insurers' Bureau

    Main Contact
    Spreading the net on vicarious liability

    The Court of Appeal has confirmed that an employer can be vicariously liable for the wrongful acts by its employees done with the intention of harming…

    Peter Forshaw
    Peter Forshaw Partner
    "Have you had a data breach in the last six years?"

    Solicitors and Claims Management Companies advertising for personal injury claims are out of touch - these days, a privacy breach is the new 'claim…

    Mark Brenlund
    Mark Brenlund Partner

    LEGAL COMMENT: British Airways cyber attack

    British Airways has announced a 'sophisticated and malicious' cyber attack, where for 16 days hackers were able to retrieve customer data from both…

    Ed Lewis
    Ed Lewis Partner

    Damages payable by employer for preventing access to an employee’s iTunes library, AOL, LinkedIn and WhatsApp accounts

    The claimant received damages for his employer’s negligent accessing of his internet accounts.

    Roddy Macleod
    Roddy Macleod Partner

    GDPR week 1 – Financial Penalties

    Get it right or it can be a costly event- Fines for getting GDPR wrong have significantly increased.

    GDPR week 2 – Disciplinary and grievance records

    The Information Commissioner says that, under GDPR, organisations need to document retention schedules for the different categories of personal data.

    Claire Hollins
    Claire Hollins Associate

    GDPR week 3 - Medical records and consent

    Health information is "special category data" under the GDPR and the employer will need to show a lawful basis for processing it.

    Claire Hollins
    Claire Hollins Associate

    What are the implications of the GDPR for the retail sector?

    In this era of personalised communication strategies and targeted online marketing, radical changes to data protection laws have huge implications for…

Share on Twitter