Data Subject Rights
-
Lawful Basis for Processing
-
Age Appropriate Design Code / Children's Code
-
Data Protection Impact Assessments (DPIAs)
-
Data Protection Training
-
Data Processing Agreements (DPAs)
-
UK Representative
-
Breach Preparedness
-
Vendor / Supply Chain Risk Assessments
-
Marketing Compliance
-
Privacy by Design
-
Data Breach Remediation
-
Outsourced Data Protection Officer (DPO)
-
International Data Transfer Risk / Impact Assessment
-
Legitimate Interests Assessments (LIAs)
-
Data Sharing
-
Incident Response
-
Regulatory Enforcement
-
Governance & Oversight
-
First-Tier Tribunal (Information Rights) Appeals
-
Consent Mechanisms
-
Privacy Policies
-
International Data Transfer Agreements
-
Cookie Notices
-
Exemptions
-
Information Notices
-
Assessment Notices
-
Enforcement Notices
-
Monetary Penalty Notices
-
Reprimands
-
Compliance Orders
-
Data Protection Offences
-
Codes of Practice
-
Data Controller Obligations
-
Data Processor Obligations
-
Data Subject Rights - Lawful Basis for Processing - Age Appropriate Design Code / Children's Code - Data Protection Impact Assessments (DPIAs) - Data Protection Training - Data Processing Agreements (DPAs) - UK Representative - Breach Preparedness - Vendor / Supply Chain Risk Assessments - Marketing Compliance - Privacy by Design - Data Breach Remediation - Outsourced Data Protection Officer (DPO) - International Data Transfer Risk / Impact Assessment - Legitimate Interests Assessments (LIAs) - Data Sharing - Incident Response - Regulatory Enforcement - Governance & Oversight - First-Tier Tribunal (Information Rights) Appeals - Consent Mechanisms - Privacy Policies - International Data Transfer Agreements - Cookie Notices - Exemptions - Information Notices - Assessment Notices - Enforcement Notices - Monetary Penalty Notices - Reprimands - Compliance Orders - Data Protection Offences - Codes of Practice - Data Controller Obligations - Data Processor Obligations -
Data protection & data privacy
Recent court judgments and regulatory penalties have demonstrated the importance of seeking professional expertise when embarking upon data processing initiatives.
Our consultants are immersed in the legislation, guidance and judgments relevant to compliance with the General Data Protection Regulation 2016/679 (GDPR), the UK GDPR, the Data Protection Act 2018, The Privacy and Electronic Communications Regulations (PECR), and other relevant privacy and data protection legislation including the Human Rights Act 1998 and Article 8 of the European Convention on Human Rights.
We pride ourselves on utilising our expert knowledge to design, and support clients to implement, practical solutions to privacy problems.
We provide our services to clients from small businesses and start-ups to multi-national corporations across a range of industries, and to government and public sector entities. Our consultants have experience advising: retailers; branding, marketing and advertising (including ad-tech) providers; social media platforms; regulated industries, such as law firms and other legal professionals; financial institutions; insurers and insurance intermediaries; technology start-ups; content providers including publishers, broadcasters, social media platforms and online and editorial content creators; political parties and lobbying groups; law enforcement entities; charitable organisations; employment agencies; the public sector; sports bodies; and, health care providers.
We have particular expertise in the application of data protection and privacy laws to the creation, hosting and distribution of content, and are able to advise media organisations, news publishers, content producers, including independent production companies and their suppliers, influencers and other content creators, and content hosts such as social media sites.
Having been involved in negotiating the drafting of the exemption at Schedule 2 Part 5 para.26 of the Data Protection Act 2018 for processing of personal data in the context of journalism, art, literature or academia, the ‘special purposes’ exemption, which provides a potentially broad but not wholesale exemption from the requirements of the legislation, our consultants have unrivalled expertise in giving practical advice on its application.
We also have substantial expertise working with law enforcement agencies in relation to the application of data protection and privacy laws to their functions, having regard the Law Enforcement Directive (EU) 2016/680 and Parts 3 and 4 of the Data Protection Act 2018. We have supported law enforcement agencies to undertake novel and high profile data initiatives to support their public functions. Our consultants hold SC (security check) clearance in connection with this work.
In the first Parliamentary debate on police use of live facial recognition technology, significant concerns were raised in relation to the latitude afforded to chief officers in deploying the biometric artificial intelligence (AI) tool. Handley Gill’s specialist consultants, whose advice on the deployment of LFR was acknowledged during the debate, consider the implications of the new Labour government’s proposals to revisit the legislative and regulatory framework governing the deployment of live facial recognition by law enforcement.