We have extensive experience in advising companies on a full range of GDPR compliance plans and issues. We are supporting businesses across a range of sectors and understand the developing market practice as GDPR is addressed.
We take a holistic approach to advice, with specialists – be they employment, pensions or drawn from sectors – working alongside our core data privacy lawyers.
Recent data privacy work includes advising:
- A multinational ecommerce company on various data protection projects including a review of its existing data protection policies.
- A wide variety of corporate clients on GDPR compliant internal policies, contract clauses, privacy notices and consents, data subject access requests, cyber security and data breach incident response.
- Numerous pension schemes on comprehensive compliance programs for its trustee clients to meet the requirements of GDPR.
- An international oil and gas company with its audit/data mapping process, and subsequent GDPR implementation project.
- A leading integrated trading company and investment solutions provider on its preparations for GDPR. We have advised on how best to approach the project across 10 countries and prepared a ‘gap analysis’ to identify key GDPR actions.
- A global telecommunications company on guidance to their GDPR compliance programme and advising on complex data protection issues.
- A financial institution on its UK GDPR implementation programme. We have prepared advice on key changes it will need to be aware of under GDPR and prepared a tailored GDPR questionnaire and data map to capture information.
- Several international clients in respect of employee/HR GDPR requirements, which included co-ordinating multi-jurisdiction advice.
- A major energy supplier on a GDPR compliant pre-employment process and its lawful basis for processing.
- A leading airline on HR data retention in the context of the GDPR.
- A media company on subject access and other data subject rights, and its policy approach under the GDPR.
- A leading international insurance group on its GDPR compliance programme, including privacy notices, policies and procedures.
- A pensions administration and actuarial services provider on aspects of its GDPR compliance programme and documentation.
- A variety of insurance brokers in relation to training on and implementation of their GDPR compliance programmes, including contract terms.
- A financial services corporation on preparing a data protection best practice checklist.
- A national bank on the development of a process whereby CMS will assist the client with the processing of data subject access requests on a routine basis.
- A multinational financial services group on various matters, including advice on trans-border data flows, binding corporate rules and the implications of being a third party data processor.