Every organisation needs good information management to run successfully. Rigorous data protection laws - plus increasing regulatory and commercial pressure - mean a clear understanding of the storage and use of information is absolutely essential.
Keystone's data protection specialists use their thorough grasp of the law and understanding of the individual needs of our clients to deliver a strategy that ensures their compliance, now and in the future.
We advise companies of all sizes on data protection and privacy issues, from start-ups to large corporate entities across most sectors. Whether you require short-term crisis management assistance or a global program tailored to satisfy international data protection authorities, our clients receive pragmatic, practical and cost-effective solutions.
We also have specialist lawyers in outsourcing, employment, litigation and corporate law (start-ups) who can advise on a range of data protection issues.
For further information or to discuss a matter please telephone 020 3319 3700 or click here to email us.
To receive our monthly email newsletter, please click here.
Our data protection team understands that in some cases, individuals wish to see what personal information is held about them by a company or organisation – a right awarded to them through The Data Protection Act. We advise organisations on the necessary procedures involved in dealing with such requests.
Our experts fully appreciate the fact that as one of the leading users of CCTV, the UK has a record number of cameras on the streets which can raise a number of privacy legal issues. We assist organisation using CCTV, whether recording personal images or vehicle registration numbers, to comply with the legal requirements governing how these images are gathered, stored and used.
Our team of highly skilled data protection experts work closely with organisations to help them develop compliant procedures for the collection, storing and processing of personal data. We regularly work closely with businesses to give guidance on the legal compliance duties placed upon them through the data protection laws and regulations including in relation to how they collect, store, use, disclose or transfer personal data and on how to manage regulatory enquiries and audits and claims from individuals.
Our lawyers are perfectly placed to guide clients through the plethora of duties placed upon them, under The Data Protection Act 1998 (the Act) which controls the use of ‘personal data’. We can advise on registration requirements of the UK Information Commissioner’s Office (ICO) (the body tasked with enforcing the Act) and on other regulations under the Act, for example in relation to how personal data can be lawfully obtained, stored, disclosed and shared including transfers of personal data outside of the UK. We are also experienced in assisting organisations with their interactions with the ICO on all matters including development and approval of Binding Corporate Rules, ad-hoc data transfer agreements and on data subject complaints and any enforcement actions.
As the world of business becomes increasingly global, it's crucial that international law keeps up with the pace. Our data protection team is skilled at dealing with all matters, in relation to the European Union Directive which regulates the processing of personal data within the EEA. The Directive is an important component of EU privacy and human rights law and we ensure that our clients are equipped, in their knowledge, to deal with any issues that may arise. Even in a post-Brexit world many clients will need to ensure that they are complying with the relevant EU data protection legislation which will apply where they collect and process personal data of EEA individuals even if the collection, storing and processing of that personal data occurs in the UK.
The General Data Protection Regulation (‘GDPR’) comes into force in May 2018 and will replace the EU Directive. Whether or not Britain choses to implement the GDPR post-Brexit our privacy team will be keeping up to date with national developments in the UK and has a full understanding of the changes being implemented across the EEA by the GDPR. The team is well place to advise organisations that will be impacted by the GDPR (whether or not the UK adopts the new EU regulations) to ensure that they understand the changes in the EU regulation and whether or not they need to comply with the new regulations and, where they do, to help them to develop their compliance programs in preparation for the coming into force of the new regulations in Spring 2018.
Many businesses routinely transfer data overseas, whether to another group company, to a third party for sub-processing or for other reasons. This process can be fraught with legal compliance issues as the UK Data Protection Act and the EU Data Protection Regulations do not allow the transfer of personal data outside of the EEA to countries that are not deemed by the EU Commission as affording the same safeguards for personal data as those under the EU Data Protection Directive. We are well placed to advise organisations of all sizes on legitimising these overseas transfers of personal data and on the requirements for on-ward transfer.
The value of personal data, collected by an organisation, can be hugely significant, as long as it has been collected in a legally compliant way. Whether such data can be used for future marketing activities, either by the business that collected it or by others, is often overlooked and can have negative connotations. The regulators, not only in the UK but globally, are cracking down on direct marketers who flout the law and we are seeing an increase in enforcement action and some huge fines levied against perpetrators. We regularly work with businesses to ensure that personal data is collected in a way that facilitates best practice in future marketing activities and advise on how to comply with direct marketing regulations so as to run legally compliant marketing campaigns.
We currently assist companies in reviewing their existing privacy notices and other relevant internal policies concerning personal data, and help them draft appropriate policies and notices to ensure that they will remain compliant. With the implementation of the new GDPR which replaces the current EU Directive on data processing, many organisations will need to update their privacy notices and policies and revamp their internal policies concerning collection and handling of personal data. The team is already working with organisations to assess current policies and procedures and to being the updating process and is well placed to guide both large and small organisations in this area.
The team is also experienced in providing training progammes for organisations that assist in bringing staff and management up to speed on their privacy rules and regulations.
The retention of communications data, in the UK, has long been recognised as a valuable measure. Our lawyers understand the importance of regulation, such as The Regulation of Investigatory Powers Order 2015 and the Retention of Communications Data (Code of Practice) Order 2015, and the Freedom of Information Act 2001, in regards to businesses concerned with providing telecommunications and other data services and government organisations providing public services and holding public data. We guide these businesses and government regulations through the miasma of their obligations on all retained data and requests for disclosure - working closely with them to ensure that they have appropriate policies and procedures in place relating to such retained data. We can also advise on the making of applications for access to such data and are on hand should any application be refused.
Vanessa is a commercial lawyer who helps clients who are using technology to innovate or disrupt established ways of doing things. She has supported clients from household-name global brands to nimble start-ups do this for over 15 years, across goods, services and digital.
Carolyn has a wealth of experience in company/commercial law and specialist skills in IT law and data privacy. She has a proactive approach and provides business-focused solutions on a broad range of commercial and corporate transactional matters and helps companies to address compliance issues particularly in regard to data privacy.
Rupert has a commercial advisory practice based broadly around commercial contracts and the management and exploitation of intangible assets.
Gillian is an IT, intellectual property and commercial lawyer who advises on commercial arrangements and the protection and exploitation of intellectual property. She has extensive experience in technology, digital media and marketing services contracts and particular expertise in IT and business process outsourcing, software development and licensing and issues affecting online businesses.
Jimmy is a commercial lawyer specialising in Internet and technology law, data protection, intellectual property, commercial contracts, and IP/IT in M&A transactions. Jimmy has worked for a range of high-profile clients including BT, Royal Mail, AIG, lastminute.com, Shazam, and Surrey Satellite Technology
Ian is a highly-skilled Brand Management and Intellectual Property lawyer with a keen focus on the legal aspects of marketing, advertising, sales promotions, sponsorship and endorsement agreements, lotteries and merchandising. During his career Ian has advised a number of household names including McDonalds, HMV, NCP, New Look, River Island, Luxottica and Swarovski.
Dual-qualified to practice in both the UK and France, Bruno is a lawyer specialising in financial services, payment services and fintech. His versatile practice covers funds and asset management to payments, derivatives, market infrastructure including clearing and fund custody
Tara is a solicitor advocate who advises on a range of employment issues, both contentious and non-contentious. She is also an employee data protection specialist and has an abundance of experience in advising companies on the new General Data Protection Regulation (GDPR).
JP is a corporate and commercial lawyer with a wealth of knowledge gained from his time in private practice and general counsel roles.
An experienced intellectual property and information technology solicitor, Maureen works across a wide variety of sectors including healthcare, technology, education, travel, media and entertainment.
Sarah is a commercial contracts and IP lawyer with a particular specialism in the Technology, Media and Data Protection sector.
Paul is a commercial lawyer who advises on the protection, acquisition and exploitation of intellectual property rights and on legal aspects of websites, including terms and conditions, privacy policies and other online contractual matters.
Philippe is a leading specialist in EU and UK competition law, trade law and data (GDPR) issues. He is a dual Swiss and British national and works in English and French.
Sarah is a general commercial lawyer having worked within a number of industry sectors, including manufacturing, IT and telecoms, payroll outsourcing, medical, publishing, media and travel.
Tracy is an experienced commercial lawyer with extensive experience in the technology and telecoms industries, with a particular emphasis on complex commercial transactions and data protection. Tracy has advised on a broad range of complex and high-value matters across the public and private sectors and has held senior strategic positions in a number of technology companies, and before joining Keystone, she worked for seven years in-house at Motorola Solutions.
Emmanuel is commercial lawyer specialising in technology, intellectual property, data protection & privacy, commercial contracts and IP/IT in M&A transactions. He advises funded small and medium-size businesses, corporates like Apigee (Google), Wm Morrisons plc, Pentaho Corp. (Hitachi Data Systems), WorkForce Software LLC, high-tech start-up ventures, angel investors and VCs.