Information, data protection and privacy law

We help clients comply with their evolving obligations under information, data protection and privacy laws, protecting them from the financial and reputational harms that can arise from a breach.

Our services

UK GDPR compliance: assisting with UK and global compliance programmes, including through our UK GDPR Representative services.
Sector-specific regulatory compliance: helping clients navigate complex regulatory landscapes and the interplay with data privacy compliance across industries including life sciences, healthcare and technology.
Data privacy training and notices: training to help organisations and their employees understand their obligations.
Data processing and data sharing agreements: assisting with UK and international data processing agreements.
Data Protection Impact Assessments (DPIAs): helping to identify and mitigate risks.
Freedom of Information & Environmental Information: We support clients responding to requests for information under auspices of the Freedom of Information Act 2000 (FOIA) and the Environmental Information Regulations 2004
Data Subject Access Requests (DSARs): We work with our clients at all stages of a DSAR, from scoping, searching and review, through to application of exemptions and defending you against complaints.
Cyber issues: We support you at every stage as you address cyber issues including prevention through sound data governance, advice on legal requirements and providing hands-on training to meet your organisation’s needs
Cyber-attacks and data breaches: We work with our clients at all stages of a cyber-attack/data breach, incident response planning to defending against resulting litigation and regulatory action.

Contact our team

Our experience

We represent the full range of clients, from innovative start-ups, to global corporates (including those listed on NASDAQ), as well as public sector clients.

Advising the Cleveland Clinic on data protection issues that arise in relation to its London hospital (including data sharing, research projects and incident response).
Supporting a number of US-based biotech / pharma companies with GDPR compliance on a range of clinical trials in the UK and Europe. We have advised on data sharing and analytics contracts, privacy information in informed consent forms and completed a notification programme with a number of supervisory authorities of the DPO and Authorised Representative where required.
Supporting Siemens Healthcare with a wide range of ad hoc data protection queries and training.
Advising the UK's leading trade-only distributor of technology solutions, on the intra-group data sharing agreement for the global group and the data protection and security implications of the implementation of a global HR system.
Supporting iGPR, market leading, trusted provider of redaction and medical reporting software, on negotiations with key customers over data protection and security terms in their customer contracts, discussions with NHS England about data sharing through their interfaces and responding to issues relating to iGPR’s GP customers.
Advised the leading provider of pathology services on a ransomware attach which crippled their IT systems and caused disruptions in the UK. Our advice on critical matters including ransom payment strategies, extraterritorial legal action options, breach notification obligations, and communications management has helped to mitigate regulatory, reputational and litigation risk.

Defensive lines

We surveyed legal, risk, compliance, and human resources teams in the private and public sectors across a wide range of industries, to help you understand how to better prepare and respond to a cyber attack.

Explore now

Dark patterns

In this 'In-house in Focus webinar', we explore the growing legal and regulatory scrutiny of manipulative online design practices, known as dark patterns or online choice architecture.

Watch now

Our lawyers

Our team consists of lawyers with in-depth data protection, privacy and information law expertise. They are recognised as thought-leaders – they've presented at leading industry events, and have been published nationally.

Sophie Burton-Jones
Partner
Profile
Stephanie Caird
Partner
Profile
Paul Knight
Partner
Profile
Richard Sykes
Partner
Profile
Helen Tringham
Partner
Profile
Peter Wainman
Partner
Profile
Sarah Attwood
Principal Associate
Profile
David Baines
Principal Associate
Profile
Adam Hulme
Principal Associate
Profile
Jacqui King
Principal Associate
Profile
Emma Tuck
Principal Associate
Profile
Claire Williams
Principal Associate/Data Protection Mgr
Profile
Lisa Cham
Senior Associate
Profile
Rachel Crick
Senior Associate
Profile
Alasdair Dougan
Senior Associate
Profile
Katherine Pears
Senior Associate
Profile
Robert Beveridge
Associate
Profile
Julia Carey
Associate
Profile
James Field
Senior Associate
Profile
Alice Powell
Associate
Profile
Supriya Sriprasad
Associate
Profile
Aurelie Tegho
Associate
Profile

Our clients

We help clients across all sectors, including:

NHS foundation, partnership and acute trusts
Higher education institutions
Technology and innovation sector businesses
Financial services organisations
Mid-market and SME companies

What our clients say about us

Mills and Reeve has a great team, which is responsive and extremely knowledgeable in the area of data protection and privacy.
Legal 500
Not only does Mills & Reeve have deep knowledge of data protection laws, it is adept at finding solutions for implementing processes that comply with those laws.
Legal 500

Quick insights from our sectors

Read our data protection blogs

Extended insights on data protection

Read all data protection content

Get in touch

Our team of legal experts are here to support you. Contact one of our lawyers today.

Related sectors & services

Artificial intelligence

Cyber response

Fraud and investigatory work

Information technology

Investigations

Reputation management

Existing clients

Staff

Information, data protection and privacy law

Our services

Our experience

Defensive lines

Dark patterns

Our lawyers

Our clients

What our clients say about us

Quick insights from our sectors

Internal investigations: Embedding data protection from the start

The hidden financial fallout of cyber incidents

Student protection and cyber security

The Data Protection Act’s new “right to complain”: implications for education institutions

Data protection considerations for integrating Generative AI in the workplace

A year of subject access requests – key challenges and changes

Data protection changes for charities

The Data (Use and Access) Bill

Consent or else you'll pay!

Extended insights on data protection

Will change to laws on charity marketing boost fundraising?

Unlocking value in AI acquisitions: what every buyer needs to know

Investigating with integrity: Data protection as a tool for fairness and respect

Data (Use and Access) Act series: What are the new rules on data subject access requests?

Workplace disclosures: How sharing confidential information can lead to litigation

Importing principles from defamation law into data protection law: Insights from Pacini v Dow Jones

From science fiction to company corridors: Navigating the legal maze surrounding facial recognition technology

Top tips for protecting retail clients from cyber attacks

Responding to the regulator’s demand to give people more control over personalised advertising

Key resources

Privacy notice checklist

Deception Diaries

Top tips for undertaking a SAR

Data protection quizzes

Learn what law applies to you

Glossary

Get in touch

Related sectors & services