Information is vital for all organisations. As the quantity and complexity of data increases, ensuring compliance with the UK's strict information laws can be challenging.
At the heart of information law is data protection. Our experienced Information Law team help organisations meet their obligations under the Data Protection Act 1998 without compromising on innovation.
Our data protection services are wide ranging and include: preparing contracts, procedures and notices; drafting data sharing and processing agreements; conducting extensive document reviews for subject access requests; and providing bespoke advice on issues ranging from consent to international data transfers.
The General Data Protection Regulation (GDPR) will build on existing data protection obligations. We can support clients in meeting their new requirements in a variety of ways including: auditing and benchmarking existing data protection practices; preparing data protection policies and procedures; contract reviews and updates; and providing workshops and staff training.
For public authorities, we provide specialist support in responding to requests for information made under the Freedom of Information Act 2000 and the Environmental Regulations 2004.
In addition to our role in ensuring compliance, we also provide support and representation for organisations following a data breach, a complaint to the Information Commissioner's Office or appeals to the Information Rights Tribunals.
I have always found Bevan Brittan to be excellent. The information and advice they provide has helped us through some difficult challenges.
We provide a wide range of information law services including:
- Delivering practical and bespoke training and workshops on a range of information law matters including GDPR compliance and cyber-risk issues
- Drafting GDPR compliant internal documentation such data protection policies, data breach procedures, data protection impact assessments and privacy notices
- Providing support with subject access requests and requests for information under FOIA and EIR including reviewing, collating and redacting large quantities of emails and documentation
- Conducting data audits and data mapping exercises which underpin GDPR compliance projects. Preparing compliance strategies and practical action plans based on the audit results
- Reviewing, drafting and updating contracts which involve the sharing or processing of personal data
- Representing organisations in relation to complaints to the Information Commissioner’s Office and appeals to the First Tier and Upper Tribunals.
We provide support to a leading global conglomerate in a range of data protection matters including its responses to subject access requests.
Our role includes collating the thousands of documents which fall within the scope of the requests, collating those documents, reviewing the documents and redacting the documents where an exemption applies.
We advised a healthcare provider on the use of cutting edge and innovative technology in the provision of healthcare for patients. In addition to providing expert advice, our support included the preparation of a GDPR compliant data sharing agreement and the drafting of a privacy impact assessment to map the processing of personal data and establish the lawful basis for such processing.