Jonathan McDonald, Partner
Jonathan is a commercial lawyer and leads the Data Protection and Privacy practice group at Charles Russell Speechlys.
AboutJonathan is a commercial lawyer and leads the Data Protection and Privacy practice group at Charles Russell Speechlys. He advises clients across a broad range of sectors (including retail, technology, sport, financial services, advertising and pharma) on all issues relating to data protection and privacy. This includes advising in relation to, amongst other areas, complex commercial transactions with a data or technology element, managing compliance projects in the UK and internationally, cross border and domestic data transfers, preparing for and dealing with data security breaches and data subjects exercising their rights.
Jonathan is admitted to practise in England and Wales.
- Advising businesses, ranging from multinationals to growth companies, on their data protection compliance programmes (including in relation to the new General Data Protection Regulation)
- Advising on cross border and domestic data transfers, including advising on the risks faced by businesses transferring personal data to the US in the wake of the CJEU’s annulment of Safe Harbor
- Advising businesses on preparing for and dealing with data security breaches
- Advising businesses on their policies and practices regarding data subject access requests and other third party requests for access to personal data
Jonathan McDonald quoted by The Guardian and the Evening Standard on the Google Supreme Court decision
Jonathan comments on the implications of Lloyd v Google LLC.
Lloyd v Google – Supreme Court to deliver judgment tomorrow (on 10 November 2021) – a reminder of the issues at stake
Fairhurst v Woodard: Property audio and video surveillance system breached GDPR
A recent judgment from Oxford County Court raises significant questions about the increasing use of smart doorbells and cameras.
Top 5 Data Protection Tips
Jonathan and Marc-Us explore the top 5 data protection tips
Regulating AI – the impact of two key recent proposals: the UK’s National AI Strategy and the EU’s proposed Artificial Intelligence Regulation
With the hype surrounding artificial intelligence continuing to gather pace, we pause and consider some of the proposed regulatory changes.
China’s Personal Information Protection Law – keeping up with the Joneses or increased cyber-security?
Up until recently, China’s data protection rules could be found through a number of laws and guidelines
Charles Russell Speechlys advises Fudco Partnership on sale to Exponent-backed Vibrant Foods
Fudco is a family-owned business selling South Asian ethnic foods in UK and Europe.
Jonathan McDonald and Rahim Hirji write for LawInSport on the relationship between data protection and referee reports in English football
Is data in reports submitted by referees to the Football Association subject to the General Data Protection Regulation?
Data Protection post Brexit
In the lead up to the UK's exit from the European Union, what data protection risks should your business be thinking about?
International Data Transfers
The European Data Protection Board has adopted new recommendations on international personal data transfers .
ICO publishes guidance on responding to subject access requests
Taking a closer look at the ICO's recently published Guidance on the right of access and how to apply it in practice .
Connect: Schrems II - the judgment and practical next steps for your business
Discussing the impact of the Schrems II decision
SCHREMS II judgment: privacy shield invalidated and SCCs scrutinised
In a surprising and arguably bold judgment, the CJEU have invalidated the EU-US Privacy Shield Privacy Shield mechanism.
Managing Data Protection Law when responding to COVID-19
What obligations businesses need to consider under the applicable data protection legislation to manage the outbreak of Coronavirus?
European Data Protection Board Guidelines: Data Protection by Design and by Default
The European Data Protection Board (EDPB) has adopted new Guidelines.
Data Protection and Privacy: Is the consent model broken?
Are companies violating individuals’ human rights by relying on consent and legitimate interest to process personal data?
What does the ICO’s recent guidance mean for the future of cookies?
Model Clauses Update: Facebook’s appeal to stop the Irish High Court’s referral to ECJ on standard contractual clauses is dismissed
Are they now less attractive as a transfer mechanism?
Network information systems regulations 2018
With one week for RDSP's to register with the ICO we consider what constitutes an RDSP and the actions they should consider to be compliant
GDPR: Crisis management