So you should do regular checks to ensure your policies and procedures are up to date. Making sure that your computer systems are safe and secure is now an item which ought to be on the top of the agenda of every business. Failures to adequately protect data can leave your business at significant risk.

What you need to know

Making sure that you are aware of and understand your data flows, have clear and clearly understood policies in place, are engaged on security issues and have all of your processes and procedures in place is a must.

Good, well thought out and compliant policies will enable you, your customers, your employees and, most importantly, the information regulator, to recognise that you take the data processing rules and cyber security seriously. This will engender confidence in your organisation, and it lowers your risk if subject to investigation following a failure.

How can we help?

We have experience and expertise in data protection and cyber security at every stage including policy assessment and drafting, insurance, data subject access requests, cross-border data flows, cyber breach, litigation and dealing with information regulators. A member of our team also advised the UK Government on the Data Protection Act 2018, giving us a unique understanding of the new data regime.

Our support extends through Privacy, Cyber Security and Data Protection to Blockchain use, crypto-currency and all required online regulatory compliance issues.

Key contact

James Tumbridge has considerable expertise in contentious and non-contentious aspects of data protection and cyber security.

James advises on global data protection solutions for outsourcing businesses as well on general data policy compliance. James additionally has experience opposing applications brought by the police for data disclosure across Europe, and before the English Courts. His experience includes addressing a UK police application to an English Court against GB Company directors with links to a Luxembourg Company, the police sought data possibly held by that Luxembourg Company. The matter raised questions of jurisdiction and control, and the powers of the Court. Our team advised on the limits/powers of Court disclosure orders as against companies outside the court jurisdiction including companies with a group, and on directors liabilities inter-group. James also led the team protecting a company’s seismic data from release where a government claimed rights over data in the public interest. James has additionally advised political parties and campaigns on their dealings with the UK Information Commissioner responding to complaints, and considering the appropriateness of orders restraining them from certain forms of communications. James additionally sits as Police Tribunal Chairman and has given rulings concerning police officer data breaches, and use of the Automatic Number Plate Recognition system.

Our wider team is experienced in all aspects of data protection including pharma, smart buildings, security and database rights (both contentious and non-contentious). We have represented a wide range of clients in their dealings with the UK ICO. Our experience includes helping in multi-party solutions to complex data protection problems with cross-border elements involving sensitive personal data and acting. We have also assisted pharma clients concerning the handling of clinical trial data as well as regulatory data protection. Our clients also include charities and political organisations who turn to us for our unique understanding of the inter play between data and their regulator environment.

We regularly offer bespoke training to a wide range of entities. Those we have assisted include the Serious Fraud Office, three UK police forces, charities, political campaigns, various companies from theme parks to software service providers, loss adjustors and their clients in relation to insurability and claims concerning cyber security.

James is supported by Robert Peake.