Home / Europe / United Kingdom / Commercial / Data Protection & Freedom of Information

Data Protection & Freedom of Information

Back to Commercial

The EU data protection landscape is shifting with a radical new regulatory framework on the horizon. Our 'extensive team' has the data protection expertise to handle the very largest and most complex local and multi-jurisdictional matters.

Our team is composed of experts in data protection and security, data loss and information management and can draw on our extensive experience in order to provide practical solutions for your business. We also advise clients on the risks and opportunities presented by freedom of information legislation and the strategic use of subject access requests.

What sets us apart is our specialist data protection sector expertise, particularly in highly regulated sectors like technology, media and communications, energy and utilities, healthcare and financial services.  

We are at the forefront of thought leadership and policy change in relation to GDPR. We have advised clients extensively on its implementation and have supported them in their lobbying activities in Europe and the US, responded to the Ministry of Justice call for evidence and provided guides, updates and training on the proposals every step of the way.

Our team provides counsel across a wide range of areas including data protection registration and policy development, data security and mobile device encryption, data transfer procedures using model clauses and binding corporate rules, freedom of information requests, data subject access requests and resolving data protection issues arising from outsourcing projects. 

We also advise various insurers and insureds in relation to cyber-attacks, systems failures and security breaches, through the CMS Cyber Network, covering over 40 countries.

The core data protection team is able to draw on the expertise of other practice areas across CMS such as employment, financial services and litigation.

Law-Now: Data Pro­tec­tion & Free­dom of In­form­a­tion
Vis­it Law-Now for leg­al know-how and com­ment­ary
Ad­vising the Board


Data pro­tec­tion and cy­ber­se­cur­ity laws in the United King­dom
Data pro­tec­tion 1. Loc­al data pro­tec­tion laws and scope The Data Pro­tec­tion Act 2018 (“DPA”) cov­ers gen­er­al pro­cessing of per­son­al data in the UK.The DPA sup­ple­men­ted the EU Gen­er­al Data Pro­tec­tion...
The Mo­bile Cen­tury 2022
CMS is de­lighted to sup­port The Mo­bile Cen­tury, a pub­lic­a­tion writ­ten by wo­men in the di­git­al space, pub­lished by the Glob­al Tele­com Wo­men’s Net­work (GT­WN).The GT­WN 30th An­niversary Pub­lic­a­tion is a spe­cial edi­tion. The theme “Re­flec­tions” brings to­geth­er the per­spect­ives of the older gen­er­a­tion of wo­men who have lived ex­per­i­ence of the evol­u­tion of ICT over the past three dec­ades and bey­ond, with wo­men of the young­er gen­er­a­tion, while look­ing ahead to what work re­mains to be done.This sem­in­al work in­cludes es­says by glob­al ex­perts in: Tech evol­u­tion from the early days of the in­ter­net and the mo­bile phone to today; Tech ESG and how di­git­al tech­no­logy can drive sus­tain­ab­il­ity in­to the fu­ture; Tech safety, pro­tect­ing your­self and oth­ers on­line; Tech equity, bridging the di­git­al di­vide; and Fu­ture tech, with a fo­cus on the im­pact of ar­ti­fi­cial in­tel­li­gence. You can either browse the pub­lic­a­tion on­line or fill in your de­tails be­low to down­load the full pub­lic­a­tion.
HR data pro­tec­tion is­sues - keep­ing on top of com­pli­ance
This ses­sion looks at key data pro­tec­tion is­sues that busi­nesses need to con­sider in re­la­tion to their em­ploy­ees and wider work­force.In the last year health and safety has taken pri­or­ity as work­places...
Uni­ver­sal, hu­man­ist­ic: adtech
Dur­ing a speech at this year’s vir­tu­al Com­puters, Pri­vacy and Data Pro­tec­tion (CP­DP) Con­fer­ence in Brus­sels, Tim Cook (CEO of Apple) urged on­line at­tendees to “… send a uni­ver­sal, hu­man­ist­ic re­sponse...
The data se­cur­ity per­ils of work­ing from home (video)
Whilst some busi­nesses are now in the pro­cess of re-open­ing of­fices and premises to staff and cus­tom­ers, for many of us there is still likely to be an ex­ten­ded peri­od of work­ing from home. As they ad­just...
Priv­ilege: What you need to know
The last couple of years have seen some im­port­ant de­vel­op­ments in Eng­lish case law in the area of leg­al pro­fes­sion­al priv­ilege, from the Court of Ap­peal over­turn­ing a re­strict­ive in­ter­pret­a­tion of lit­ig­a­tion...
The data se­cur­ity per­ils of home work­ing
Whilst some busi­nesses are now in the pro­cess of re-open­ing of­fices and premises to staff and cus­tom­ers, for many of us there is still likely to be an ex­ten­ded peri­od of work­ing from home. As they ad­just...
Risk Es­sen­tials Break­fast: What do you want from me? Un­der­stand­ing risks...
Dir­ect­ors don’t al­ways re­ceive form­al train­ing on their leg­al du­ties, yet the risks of get­ting it wrong are con­sid­er­able. Dir­ect­ors may find them­selves re­spons­ible for as­pects of a com­pany’s op­er­a­tions...
Risk Es­sen­tials Break­fast: U Turn Ahead? Sub­ject to Con­tract, Heads of...
Con­trac­tu­al cer­tainty is fun­da­ment­al to avoid­ing dis­putes down the line and dis­pos­ing of them quickly and cost ef­fect­ively when they do arise – but al­though it’s a ba­sic re­quire­ment, it’s not as...
Risk Es­sen­tials Break­fast: Don’t be the weak­est link: Man­aging data and...
With the av­er­age UK busi­ness suf­fer­ing some form of on­line at­tack every two minutes, this ses­sion will as­sess the scope of the risk, its leg­al im­plic­a­tions and how you can pro­tect your busi­ness. We will...
GDPR: Are you ready?
Data pro­tec­tion is now tak­ing centre stage, as the com­ing in­to force of the Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR) across the EU from May next year fast ap­proaches. The GDPR will have a sig­ni­fic­ant...
Spot­light Series: Sub­ject ac­cess re­quests in the em­ploy­ment con­text (Ab­er­deen)
The rules on Sub­ject Ac­cess Re­quests are chan­ging, and the pen­al­ties for get­ting it wrong will in­crease sig­ni­fic­antly. This is against a trend of in­creas­ing use of the re­quest pro­ced­ure. In this ses­sion...