Our specialist information law team provides cost-effective, novel solutions to our Charity & Social Enterprise clients on privacy, data protection, GDPR, data transfer challenges and data breaches.
Information law is a fast moving and complex legal landscape which calls for specialists not generalists.
Our Information law team is led by a core of Information lawyers with specialist qualifications and long-standing expertise. The team has sector-specific experience and works alongside lawyers in the Charity & Social Enterprise team to deliver truly practical and cost-effective solutions to help you navigate the Information Law regulatory maze.
Our Information Law team provides legal advice, support and training (both face to face and online) through novel and flexibly priced options so our Charity and Social Enterprise clients can pick and choose a level of service that suits.
We provide full spectrum advice and support to charities, voluntary organisations and social enterprises, including:
- Legal advice
On compliance with your obligations under data protection, GDPR, Privacy and Electronic Communications Regulations (PECR) and planning for the ePrivacy Regulation (set to replace PECR) and freedom of Information law.
- Data breach management service
Including technical cyber breaches, reporting a breach, and what you need to do before a breach occurs.
- Data protection audits and health checks
The aim of the GDPR audit or health check is to determine and assess your organisation’s level of compliance. Our methodologies have been honed by our specialist lawyers to efficiently capture information about how your organisation handles personal data so that you get a picture of how compliant you are with law.
- Data transfer challenges
We can advise on all stages of the transfer of data – from ensuring that the appropriate consents / notices are in place to drafting agreements that may be necessary in specific circumstances.
- Outsourcing of data processing
We can advise on, and draft data protection contract clauses and data processor agreements.
- Data Sharing Agreements
For independent controller to independent controller sharing or joint controller arrangements.
- Drafting bespoke data protection policies
Agile/remote working policies, privacy notices and consent mechanisms.
- Direct marketing
Including fundraising campaigns, profiling, data cleansing and data enrichment
- Website Compliance
Including cookies, privacy, and sharing policies.
- Data Subject Access Requests
This includes other legal rights under GDPR, requests under Freedom of Information Act and Environmental Information Regulations and Reuse of Public Sector Information Regulations.
- Photographs, video, social networking, Artificial Intelligence (AI) and use of biometrics
Understand the dos and don’ts of CCTV, biometric data and data sharing.
- Data Security
Data Protection Impact Assessments, pseudonymisation and anonymisation and data security measures
- Staff Training
This training includes bespoke, standard, face to face and online training. We also provide truly bespoke online training to reflect your local policies and procedures. Please see our training in data protection and freedom of information page for more information.
- Serious Indicent Reporting
Advice on Serious Incident reporting to the Charity Commission in an Information Law context.