Our recent projects

We have extensive experience in advising companies on a full range of GDPR compliance plans and issues. We are supporting businesses across a range of sectors and understand the developing market practice as GDPR is addressed.

We take a holistic approach to advice, with specialists – be they employment, pensions or drawn from sectors – working alongside our core data privacy lawyers.

Recent data privacy work includes advising:

• A multinational ecommerce company on various data protection projects including a review of its existing data protection policies.
• A wide variety of corporate clients on GDPR compliant internal policies, contract clauses, privacy notices and consents, data subject access requests, cyber security and data breach incident response.
• Numerous pension schemes on comprehensive compliance programs for its trustee clients to meet the requirements of GDPR.
• An international oil and gas company with its audit/data mapping process, and subsequent GDPR implementation project.
• A leading integrated trading company and investment solutions provider on its preparations for GDPR. We have advised on how best to approach the project across 10 countries and prepared a ‘gap analysis’ to identify key GDPR actions.
• A global telecommunications company on guidance to their GDPR compliance programme and advising on complex data protection issues.
• A financial institution on its UK GDPR implementation programme. We have prepared advice on key changes it will need to be aware of under GDPR and prepared a tailored GDPR questionnaire and data map to capture information.
• Several international clients in respect of employee/HR GDPR requirements, which included co-ordinating multi-jurisdiction advice.
• A major energy supplier on a GDPR compliant pre-employment process and its lawful basis for processing.
• A leading airline on HR data retention in the context of the GDPR.
• A media company on subject access and other data subject rights, and its policy approach under the GDPR.
• A leading international insurance group on its GDPR compliance programme, including privacy notices, policies and procedures.
• A pensions administration and actuarial services provider on aspects of its GDPR compliance programme and documentation.
• A variety of insurance brokers in relation to training on and implementation of their GDPR compliance programmes, including contract terms.
• An innovative technology company on the effective anonymisation of personal data under both the Data Protection Act 1998 and GDPR and the drafting of a GDPR compliant privacy policy and consent form.
• A financial services corporation on preparing a data protection best practice checklist.
• A national bank on the development of a process whereby CMS will assist the client with the processing of data subject access requests on a routine basis.
• A multinational financial services group on various matters, including advice on trans-border data flows, binding corporate rules and the implications of being a third party data processor.