Data protection and privacy

In an era where data is the new currency, our specialist data protection and privacy team stands at the forefront, guiding clients through the intricate landscape of data laws, often across multiple jurisdictions. We take a pragmatic, solutions-focused approach that ensures compliance, mitigates risks and helps you use data effectively in this increasingly critical area.

A wealth of data protection knowledge

Data protection and privacy laws impact nearly every business, presenting a host of complex and far-reaching challenges. The consequences of non-compliance can be severe, making it essential for organisations to manage their obligations with precision and care.

Additionally, the fast growth of artificial intelligence, a key driver of digital transformation, and the use of data to train AI, raises issues around data protection law. Understanding the complexities of such laws in the context of AI can be demanding, and businesses are now having to confront the evolving intersections of data privacy and regulatory requirements, including compliance with the UK regulations, the EU AI Act, and cyber security laws.

Our data protection and privacy lawyers have a wealth of knowledge in all aspects of data protection laws, covering regulatory investigations, data security, cross-border transfers, consent issues, and data controller/processor dynamics. We also specialise in digital marketing, social media campaigns, subject access requests, and handling claims from individuals and class actions. Our services include drafting and advising on privacy policies, data collection processes, data management policies, data sharing agreements, and international data transfer agreements. We offer expertise in the privacy rights of individuals, including applying for and defending privacy injunctions, and understanding freedom of information laws.

What we particularly appreciate about Penningtons is their excellent and rapid work and their high level of understanding of the context of issues.

Our clients span international listed and private corporations, charities, professional regulatory bodies, professional services firms, and educational institutions. We regularly work with our global network of specialists to deliver a coordinated and holistic approach for our clients. We also provide training and seminars for corporate counsel and marketing/operational teams on practical aspects of the data protection and privacy regime.

How we help our clients

Artificial intelligence

Data collection and retention policies

Cyber security and cyber crime

Security breaches and breach management policies

Subject access requests

Cross border data transfers

Data protection audits and advisory services

Website privacy policies

Digital marketing

Handling of employee data

Privacy injunctions and privacy rights

Freedom of Information Act and Environmental Information Regulations

Man-using-a-laptop-to-create-convincing-fake-image

Useful resources

Data protection compliance service

Doing business in the UK

Navigating the journey of growth: Key legal considerations for scaling up

PennStart – the legal support package designed specifically for start-ups and spin-outs

Beyond the code podcast: The legalities of AI

Digital shifts and legal turns podcast – Guiding your digital transformation journey

Webinar recording: navigating AI’s impact on commercial contracting

Penningtons Manches Cooper’s IT team is brilliant, reliable and responsive. The quality of service is outstanding.

Penningtons Manches Cooper is recognised for its strength in the technology sector.

Recent work highlights

Supply chain data protection

Assisting a telecoms and cloud communications provider with a supply chain contract review for data protection compliance, providing support through a virtual team within a tight timescale.

Data broker customer contracts

Assisting a UK based data broker with customer contracts under a ‘strategic partner’ umbrella, addressing ownership and IP rights, as well as providing short-term secondments for legal services.

Energy provider agreements

Advising an energy provider on commercial agreements, including for the development and maintenance of its underlying technology platform, consumer terms and conditions, and a data protection audit and compliance plan.

AI customer relationship management product

Acting for a fintech data provider on terms for a new AI-powered CRM product for investment opportunities, mapping data stream rights and data protection obligations.

Manufacturing AI compliance

Working with a developer of AI technology on compliance for AI models used in automated manufacturing, ensuring IP rights and data usage restrictions.

R&D funding data protection

Advising a UK R&D funding agency on day-to-day data protection issues, empowering scientists and engineers with resources and freedom to pursue breakthroughs.

DTIA for international organization

Drafting a data transfer impact assessment for the sharing of data between entities for an international organization based in the US, China, Hong Kong, India and Dubai.

Fintech analytics data protection

Acting for a fintech data analytics organization on a range of data protection issues and data licensing arrangements to support its commercial operations.

International bank data transfers

Assisting the UK subsidiary of a Pakistan-based bank on transfers of data between its head office in Pakistan, and its London, Belgium and Switzerland branches.

UK GDPR compliance advice

Providing guidance to an international financial services client on UK GDPR compliance for its new digital marketplace for Europe, including amending the global privacy policy for use in the UK, and creating a cookie banner and policy.

Compliance with Schrems II

Advising a global organization on its international data transfers from the UK to its offices in the US, China, Hong Kong and Singapore, to ensure compliance following the Schrems II decision.