Data and Privacy | Fieldfisher
Skip to main content
Select location United Kingdom

Data and Privacy

Fieldfisher's Data and Privacy Team is renowned as a market leader in the field and recognised for its expertise and performance. Our Team is highly sought after for its skill in navigating complex matters while providing straightforward, actionable advice. With extensive experience working with some of the world's largest, most sophisticated technology and data-rich companies, we are at the forefront of innovation, pushing the boundaries of compliance and best practices.

Why choose our Data and Privacy lawyers?

We collaborate with many of the world's leading corporations to provide ongoing advice, as well as supporting novel issues, the launch of new products and services as well as guidance to clients on how to compliantly enter new markets.

Our Team excels in global privacy projects, GDPR and ePrivacy compliance, product and services related issues such as data transfer, data protection impact assessments, processor arrangements, data sharing and policies and  the implementation of AI.

With our exceptional experience and extensive legal knowledge, we help you navigate the complex and fast-moving compliance landscape.

We collaborate closely with our offices located across Europe, Silicon Valley, California and China. This enables nearly 24-hour coverage of unrivalled privacy expertise. Our dedicated network of local counsel in over 100 jurisdictions enables a truly global outlook that facilitates the seamless provision of legal services to our clients.

We also provide clients with cutting-edge tools to help them manage major technology-related issues and risks, including data breaches for which we offer our Fieldfisher Data Breach Manager service as well as our alternative legal services affiliate Condor service.

With Condor we are able to help clients effectively deal with the necessary document review for a DSAR in a cost-efficient way. Using appropriate eDiscovery tools to deduplicate and de-thread emails besides applying key word searches and date range filters, we significantly reduce the volume of documents, which are reviewed by trained paralegals and escalated for further input, where necessary. 

Our Data and Privacy team aligns itself across three broad practice pillars

We are experts in data governance, accountability and advisory work. 

We advise our clients on policies, procedures and practices to ensure their operational processes adhere to the data protection requirements outlined in the UK and EU GDPR. Taking into account regulatory guidance and fines together with any case law, we will provide you with a practical approach via which you can demonstrate your compliance to clients, customers, employees and regulators alike.  With our extensive breadth and depth of knowledge across a multitude of sectors, we can offer examples of what is considered the benchmark level of compliance with best practice.

We offer a roadmap for your ongoing compliance journey, including: a selection of packages for data protection officer services; advice on international data transfers (including Standard Contractual Clauses, Transfer Impact Assessments and Binding Corporate Rules); and data record keeping requirements. We explain how best to manage the most difficult data protection issues your organisation faces.

Today, data is integral to every organisation whether it be the collection and sharing of data, its use in activities like analytics, research or profiling, or how and where it is processed.  Each of these exercises are underpinned by a commercial contract and/or data protection practice (such as DPIAs or data protection by design and by default). Working with some of the largest and most sophisticated technology companies in the world, our Data and Privacy team handles an enormous volume of work in this area. 

This ranges from commercial contracts with customers and vendors through to reviewing new products, sales and marketing advice across all channels (e-mail, text, phone and post) besides profiling and online advertising in the increasingly changing sphere of adtech. We have outstanding experience in helping businesses achieve their commercial and product oriented goals in a way that provides effective protection for individuals’ data.

When suffering a personal data breach, the decision to notify or not is often finally balanced. To determine if an incident merits notification often needs the input of experience to consider the potential consequences of reporting and where to report, which may be across a multitude of jurisdictions. This is a process we are adept to handle and assist you with. Furthermore, organisations sometimes grapple with parallel notification requirements under GDPR, NIS and the ePrivacy Directive and we can support you in navigating the applicable regimes.

In addition, many organisations face increasing challenges through the so-called “weaponisation” of data subject rights, where individuals submit enormously time-consuming and expensive requests easily, and without cost. Our team has significant experience in advising organisations in both preparing for these risks and mitigating against them before or as and when they arise. 

Employee data subject access requests can be extremely complex and time and cost intensive. We can advise in relation to conducting appropriate searches and the use of appropriate technology, which, together with a culture of data minimisation, can help make the process more seamless. We have extensive experience in managing regulatory investigations within the UK and more widely: our links with regulators and understanding of their priorities help us advise our clients on the key issues in any investigation.

Notable deals and highlights

  • Provided significant advice on the development and launch of a new Generative AI product (Large Language Model) from the data perspective whilst coordinating input from our IP and tech departments.
  • Advised clients on post-GDPR regulatory investigations in the UK and across a number of European Member States.
  • Supported clients to monitor, update and enhance their policies and procedures in accordance with regulatory enforcement and Court judgments as the GDPR has evolved over the last six years. This work is completed both within our team and by using our Condor solution for high volume contracts.  In the run-up to GDPR we provided commercial contracting support to a wide range of leading, household brand clients to ensure that their customer and vendor contracting templates were GDPR-compliant and we successfully helped push those contracts out and negotiated them through to completion successfully.
  • Effectively counselled multiple organisations through the process of binding corporate rules applications - both pre- and post-GDPR, and across various different Member States as lead authority. 
  • Aided clients keen to understand and rely on the EU-US Data Privacy Framework.
  • Supported a large gaming publisher with their children's data compliance with the UK's Age Appropriate Design Code and EU guidance on children's data and online safety.
  • Managed large volume and complex data subject access requests (DSARs) for clients in the public and private sectors. 
  • Overseen the response to a large cyber security incident for a multinational business, which resulted in an extensive review of potentially compromised data. We supported the client through its communications to the regulator, staff and affected data subjects.
  • Advised on privacy issues within the Internet of Things (IoT) space for multiple clients including connected toys, vehicles and homes.
  • Our team provides data protection officer services for clients across a number of sectors including tech, pharma, broadcasting, retail and leisure industries.
  • Assisted a media business on the compliant collection and monetisation of viewing information.
  • Directed various ad tech businesses on their compliance with e-Privacy and GDPR consent requirements, as well as in connection with regulatory enquiries into online advertising practices.
  • Supported clients with preparations on the Data Act and other new EU legislation including the Data Governance Act, Digital Services Act, Digital Marketing Act and the EU AI Act.

Data and Privacy updates

Representing some of the largest tech companies, leading household names operating across other sectors and advising clients across our full service law firm, we continually innovate our approach to service delivery, providing cutting-edge tools to help clients manage major data related issues and risks.

Our team is extremely knowledgeable about this subject and focuses on bespoke practical solutions for our client base. We are known to go above and beyond for the clients we advise. We continue to extend and develop our client Value Add Programme. Our flagship, annual, one day Privacy Summit is an event our clients do not want to miss.  In addition to our regular webinar programme and published articles, we host practical workshops for clients to attend in person and have recently launched a monthly podcast series of legal updates, called Data & Privacy Matters.

International Privacy Webinar Series

Latest Data and Privacy news and views

View all insights

Fieldfisher Data Breach Manager

Fieldfisher's 24/7 Data Breach Manager service helps organisations manage their data breach compliance obligations by ensuring they have greater capacity to meet the 72-hour window mandated by the relevant supervisory authorities for the initial data breach assessment and reporting to regulators.

Learn more

AI Regulatory Guidebook - December 2023

In this guidebook, we provide an overview of the current positions of the national data protection authorities in the EU member states, Norway, Switzerland the United Kingdom with respect to how personal data may be processed in the context of AI systems.

Read more

Get Data Protection Fit, Modular Training Programme

Watch our channel

Key contacts

See full team

Sign up to our email digest

Click to subscribe or manage your email preferences.

Subscribe