Privacy and Information Law Blog
Keep up to date with the latest privacy and information news with our expert analysis...


The world is in the middle of a technological revolution. But the fuel that powers this technological revolution is data.

We have moved beyond simple, on-premise data uses to a world of 24x7 cloud processing, of hyper-personalisation, and of AI. This creates enormous opportunity, but also significant risks: of communications surveillance, election interference, and intrusive and unwanted profiling. To maintain trust organisations must ensure their data uses are fair, lawful, and accountable – or face the consequences.

Fieldfisher is home to one of the world’s finest - and largest - Privacy, Security and Information practices. Partners Hazel Grant and Phil Lee are ranked as first-tier “Leading Individuals” within the Legal 500, and our international team of dedicated privacy specialists comprises more than 60 individuals throughout our international offices. Through our experience of working with all types of organisation, across all sectors and markets, we advise not just on what the law requires, but on what is market practice and on risk-based approaches for the issues at hand.

The work undertaken by our Privacy, Security and Information team falls across three core privacy pillars:

Operational Compliance: We are experts in data governance, accountability and advisory work. We regularly advise on GDPR assessments, international data export compliance (including Binding Corporate Rules), DPO services, record keeping, and DPIAs and LIAs. We also advise on the wide range of practical and strategic implications presented by operational compliance issues – for example: is it necessary to undergo an expensive data centre relocation project, or are there other, more cost-effective ways to address data export challenges? How do you integrate privacy by design into development practices? And more.

Commercial and Product: Working with large and sophisticated technology companies, our team handles an enormous volume of commercial and product related data protection work - from commercial contracting with customers and vendors, through to new product reviews, pan-jurisdictional marketing advice across all channels (e-mail, text, phone, post etc.), and profiling and online advertising. We help clients achieve their commercial and product goals in a way that provides meaningful protection for individuals’ data.

Cyber and crisis-management: Many data protection laws include requirements for reporting cybersecurity incidents to regulators and to affected individuals. But the decision to notify is often finally balanced - is an incident “risky enough” to merit notification? What are the consequences if you do? In addition, many organisations face increasing challenges from the so-called “weaponisation” of data subject rights, where individuals submit enormously time-consuming and expensive requests easily, and without cost. Our team has significant experience in counselling organisations throughout all these challenges and, should you find yourself on the wrong end of a regulatory investigation, we have extensive experience in managing these too.


Notable deals / highlights
  • Successfully counselling multiple organisations through the process of multiple binding corporate rules applications - both pre- and post-GDPR, and across multiple different Member States as lead authority
  • Managing large volume subject access requests (SARs or DSARs) for clients in the public and private sectors
  • Providing commercial contracting support to a wide range of leading, household brand clients in the run-up to GDPR, ensuring that their customer and vendor contracting templates were GDPR compliant, and helping to push those contracts out and negotiate them through to completion successfully
  • This work was completed both within our team and also using our CONDOR solution for high volumes
  • Advising on Big Data issues for a global communications business
  • Managing a large cybersecurity incident for a multinational business, which resulted in extensive review of potentially compromised data. We supported the client through its communications to the regulator, staff and affected data subjects
  • Advising on privacy issues in the Internet of Things (IoT) for multiple clients including connected toys, vehicles and homes
  • Providing data protection officer services for clients in the tech, pharma, retail and leisure industries
  • Advising a media business on the compliant collection and monetisation of viewing information
  • Advising various ad tech businesses on their compliance with e-privacy and GDPR consent requirements, and in connection with regulatory enquiries into online advertising practices.

Expertise spotlight

Key contact Show all

Key contact Show all

Key contact Show all

Key contact Show all

Expertise activity stream