Home / Europe / United Kingdom / Commercial / Data Protection & Freedom of Information

Data Protection & Freedom of Information

Back to Commercial

The EU data protection landscape is shifting with a radical new regulatory framework on the horizon. Our 'extensive team' has the data protection expertise to handle the very largest and most complex local and multi-jurisdictional matters.

Our team is composed of experts in data protection and security, data loss and information management and can draw on our extensive experience in order to provide practical solutions for your business. We also advise clients on the risks and opportunities presented by freedom of information legislation and the strategic use of subject access requests.

What sets us apart is our specialist data protection sector expertise, particularly in highly regulated sectors like technology, media and communications, energy and utilities, healthcare and financial services.  

We are at the forefront of thought leadership and policy change in relation to GDPR. We have advised clients extensively on its implementation and have supported them in their lobbying activities in Europe and the US, responded to the Ministry of Justice call for evidence and provided guides, updates and training on the proposals every step of the way.

Our team provides counsel across a wide range of areas including data protection registration and policy development, data security and mobile device encryption, data transfer procedures using model clauses and binding corporate rules, freedom of information requests, data subject access requests and resolving data protection issues arising from outsourcing projects. 

We also advise various insurers and insureds in relation to cyber-attacks, systems failures and security breaches, through the CMS Cyber Network, covering over 40 countries.

The core data protection team is able to draw on the expertise of other practice areas across CMS such as employment, financial services and litigation.

Law-Now: Data Protection & Freedom of Information
Visit Law-Now for legal know-how and commentary
Advising the Board


CMS data protection update (04/2024)
I. The latest from the data protection authorities and current topics1. EDPB: Launch of coordinated enforcement on the right of accessThe European Data Protection Board (EDPB) selected the right of access...
UK ICO enforcement threat for gambling companies failing to comply with...
On 21 November 2023, the UK Information Commissioner’s Office (“ICO”), the UK’s data protection reg­u­lat­or, is­sued a statement warning that websites face enforcement action if they do not make...
10 CMS partners recognised by Lexology Client Choice Awards 2023
International law firm CMS is pleased to announce that 10 of its partners, across nine different countries, have been recognised by the Lexology Client Choice Awards 2023:Nick Beckett, China, Life Sci­ences Car­oline...
Data protection and cybersecurity laws in the United Kingdom
Data protection 1. Local data protection laws and scope The Data Protection Act 2018 (“DPA”) covers general processing of personal data in the UK. The DPA supplemented the EU General Data Protection...
Common IT security weaknesses lead to ICO reprimand
The UK Information Commissioner’s Office (“ICO”), the UK’s data protection regulator, has issued a reprimand following infringements of the UK General Data Protection Regulation (“GDPR”) to...
CMS Life Sciences Vital Signs, Winter 2023
2023 has seen some significant legal developments impacting the life sciences industry, and as we look ahead to 2024, there are several important developments which we would like to keep our clients informed...
How to draft an AI policy
AI has been around for decades, but there’s been a substantial increase in the use (or, at least, talk about the use) of AI within the workplace as a result of recent advances in AI, in particular...
UK-US data bridge now live: What do you need to know?
The UK-US data bridge (live from 12 October 2023) offers a new streamlined option for transfers of personal data from the UK to the US in the case of participating companies. This follows an assessment...
When curiosity leads to a criminal conviction
An individual who worked at the Crown Office and Procurator Fiscal Service (COPFS) headquarters in Glasgow has been charged with a criminal offence under the Data Protection Act 2018 (the DPA) and handed...
Lessons to be learnt from the recent data breaches in the public sector
Following on from the recently reported data breaches by Police Services of Northern Ireland (PSNI) and the Electoral Commission (EC), organisations should take a step back and re-evaluate their compliance...
ICO clarifies position on data sharing for financial risk checks
The UK Information Commissioner’s Office (“ICO”), the UK’s data protection regulator, has written an open letter to UK Finance, an industry body for UK banking and financial services, to clarify...
EU reaches agreement on Data Act – Comprehensive EU data law is on the...
On 27 June 2023, the European Parliament and Council resolved the remaining open points and reached a political agreement on the EU Data Act, paving the way for a new law that will introduce comprehensive...