Every organisation needs to address data protection, confidentiality, information security, cyber risks, data breaches and freedom of information as part of their compliance and risk management policies and procedures.
Whether you are a growing or established company, we can provide you with global contentious and non-contentious advice, that goes beyond straight-forward legal services. We can add value to your business through multi-jurisdictional project management and consultancy services, to train and educate you to ensure that you are complying with global laws and regulations.
Where regulations and obligations evolve, we keep abreast of the latest data protection requirements and can give you practical and up-to-date advice on everything from data retention and email marketing issues, to the handling of sensitive information and data transfers, in the UK and overseas. We often review the data handling procedures adopted by HR departments, including the standard forms used for applications, references, appraisals and other employment related matters. We work closely with our corporate and commercial colleagues to ensure data protection due diligence is met during mergers and acquisitions, outsourcing agreements, or other transfer of undertakings.
You can expect co-ordinated and competitively priced international services, supported by a breadth of knowledge and passion for what we do.

GDPR: are you compliant?
We offer a comprehensive solution for businesses who are affected by the new General Data Protection Regulation.
Meet the team
- Call Jonathan +44 (0)20 7427 6725
- Email Jonathan
Our thinking
Jonathan McDonald
Data Protection post Brexit
In the lead up to the UK's exit from the European Union, what data protection risks should your business be thinking about?
Olivia Crane
International Data Transfers
The European Data Protection Board has adopted new recommendations on international personal data transfers .
Nick White
Nick White writes for MCA on the data issues surrounding the rise of popularityy of
Olivia Crane
Privacy in the time of a Pandemic
As a result of Covid-19, the importance of privacy and compliance with data protection law has found itself in the spotlight.
Jonathan McDonald
SCHREMS II judgment: privacy shield invalidated and SCCs scrutinised
In a surprising and arguably bold judgment, the CJEU have invalidated the EU-US Privacy Shield Privacy Shield mechanism.
Jonathan McDonald
What does the ICO’s recent guidance mean for the future of cookies?
The Information Commissioner’s Office (“ICO”) has recently issued guidance on the use of cookies and similar technologies.
Mark Hill
New Data Protection Regime in Bahrain
Download our guide to the new Data Protection Regime in Bahrain.
Tessa Newman
Thumbs up – A company that embeds the Like button on its website can be considered a data controller jointly with Facebook
Companies that embed the Facebook “Like” button within their website pages can be considered as a joint data controller.
Robert Thomas
DSARs: paper files and proportionate searches
The High Court has made a number of important findings that have relevance to data subject access requests.
Freddie Law
No-Deal Brexit
Freddie Law analyses how businesses need to consider their data protection policies, in preparation for the potential of a no-deal Brexit.
Rachel Bell
French DPA concludes its first investigation; fining Google LLC €50 million in the process
On 21 January 2019, the French Data Protection Authority imposed a financial penalty of €50 million on Google.
Broadcasters: big targets for hackers and cyber-criminals
Broadcasters were warned that they need to start having internal conversations about the scale of the cyber security threat they face.
Claire Greaney quoted in Info Security Magazine on the Morrisons insider breach appeal
Jonathan McDonald
GDPR: Crisis management
GDPR: Next steps post-enforcement
With GDPR now in force, we give some useful tips for working towards compliance.
Charlotte Pender
Charles Russell Speechlys promotes eight to Partner
A further four have been promoted to Legal Director and 22 to Senior Associate.
Tanya Wilkie
Delay to e-privacy regulation causes uncertainty
The Regulation will introduce more stringent privacy rules in respect of all electronic communications.
Caroline Swain
Charles Russell Speechlys launches new product to support retail start-ups
The Attention to Retail Toolkit aims to support start-ups and help them reduce the risk of something going wrong as their business grows.
David Green
Processing employee data under the GDPR
The new EU Data Protection Regulation (GDPR) will take effect in the UK from 25 May.
Data privacy: the challenges to AI development
Organisations must remain diligent as data protection awareness becomes increasingly relevant, and AI technology develops.