Data Protection Risks and Investigations
With regulators and individuals paying increasing attention to data protection and cybersecurity, we understand international businesses need an effective and transparent response to data compliance.
CMS’ leading data protection team have supported many clients on regulatory compliance, in responding to data subject complaints and regulatory investigations. We advise extensively on risk mitigation, reporting obligations and investigations into data breaches.
Our team is available to provide you with advice from the moment a data incident occurs and guide you through any regulatory investigation or claim that may arise. Clients can rely on our pragmatic and business-orientated advice, regardless of the time of day.
We have handled in excess of two hundred cyber breaches for clients using a tried and tested methodology, involving issues including phishing, denial of service attacks, data bribery, IP theft, Trojan horses and firewall penetration.
Our team also maintains an excellent relationship with data protection regulators worldwide, allowing us to understand fully the regulatory landscape and to tailor business and risk management strategies for clients accordingly, so that problems can either be avoided, or effectively managed.
Our recent data protection experience includes:
- Advising a major gambling operator on notification to the Information Commissioner’s Office (ICO) and Gambling Commission following disclosure of sensitive personal data regarding a celebrity player. CMS successfully resolved the matter with the ICO taking no further action.
- Defending Bloomberg against a High Court Claim, following their reporting of a Serious Fraud Office investigation into an individual. The claim was based on privacy, data protection and breach of confidence.
- Advising various insurers and insured as in relation to cyber-attacks, system failures and security breaches, through the CMS Cyber Network, covering over 50 countries.
- Advising a sports’ governing body following the theft of a hard drive containing a large quantity of individual and supplier data. CMS advised on the approach for notifying the ICO and data subjects, as well as the potential PR risks.
- Advising a global marketing firm on various data protection issues and marketing compliance requirements under the e-Privacy Regulations. Also advising on international data flows including drafting model clauses, reviewing privacy policies, registration with the Regulator and coordinating the company’s Binding Corporate Rules with the Regulator (controller and processor BCRs)
What clients say about us:
- "They offer a very high level of quality and they are very available"
- "They have an energetic team who are very client-friendly."
- “The firm has been excellent at hand-holding and explaining in layman’s terms this particularly complex area as it applies to our regulated and non-regulated activities across multiple territories. CMS were able to bring to us a reasonable solution to the way we need to contract with clients, and were helpful, efficient and easy to work with.” Chambers & Partners
To find out more about other related services you can visit the Risk and Investigations expertise section.