We are a truly full-service privacy and data practice that sets itself apart: over 20 dedicated advisers and sector specialists, offering global support and technology solutions, all informed by an incredible level of commercial and in-house experience, including with leading privacy regulators.
To help navigate this page, here is a list of what we cover in detail below:
How we can help
An overview of our services
Our key products
What makes us special
Who we work with
What our clients say
Our experience
Our insights and community work
How we can help
We can shape your privacy and data function in the following ways:
Build: we design, build and implement the foundations of your privacy, AI, cyber and other data compliance, on a global scale
Support: we provide business-as-usual and ad-hoc support, including a fully outsourced DPO service
Optimise: we use our experience to transform your data function into a centre of excellence
Protect: we advise you on security laws and standards to help you keep your data and systems safe, secure and resilient
Commercialise: we offer data licensing, IP and consultancy advice to make sure you leverage your data to its fullest potential
Automate: we help you to deploy artificial intelligence and automation technologies safely, responsibly and in compliance with complex regulatory frameworks
Resolve: we steer you through complex data complaints, disputes and investigations, and support you in times of crisis
An overview of our services
We provide fully tailored privacy and data services, which can be scaled up or down to meet your requirements. This lets you stay in control of your privacy compliance and commercial data budget with the scope, and flexibility, that works for you.
Details make the difference, so we have put together a snapshot of what we offer to businesses and organisations of all shapes and sizes:
We focus on the practical. We ask ourselves ‘so what?’, every time.
We deliver one-stop global solutions. Need to check if there’s soft opt-in for Senegal? No problem.
We are dedicated to data, with IAPP-certified advisers and the right person for the job at every level.
We have worked in-house so we know the importance of commerciality. We have worked with regulators, so we know the value of prudence.
We are more than privacy compliance experts. From AI to AR, FOIA to FISA, we have you covered.
We keep you informed so you won’t miss a beat.
We offer products designed to take away your privacy governance pain points.
We are an active voice in the privacy and data community and are proud to make our mark.
Who we work with
Our experience
From Harry Potter to Cambridge Analytica, members in our team have advised at the pinnacle of privacy and data for over 25 years, so you are in safe hands.
We have helped hundreds of clients navigate and prepare for data protection and privacy laws all around the world. This includes every legislative acronym bar none, including the EU/UK GDPR, DPA, PECR, NIS, FOIA, CCPA/CPRA, DMA and DSA.
Here are just a few examples of our work and the challenges we have helped our clients to overcome:
Acting as an outsourced data protection officer/manager for several global organisations, including in the leisure, advertising, real estate, technology, life sciences and retail sectors
Delivering a fully configured OneTrust instance and tailored assessments to build a processing and systems inventory for a data mapping project covering 300 business departments
Providing resource solutions to the UK Information Commissioner’s Office (ICO), a global FMCG and retail business in the top 5 of the FTSE, and Japanese headquarters of a leading automotive manufacturer
Advising on over 20 BCRs applications including the world’s first GDPR controller/processor BCR approved by the EDPB
Litigating a £multi-million dispute arising from a data breach in a precedent-setting claim, and handling notifications to the ICO, FCA, data subjects and police
Avoiding a costly corporate reorganisation for a retail client by helping to establish a customer reward scheme operating across several companies in the client’s group
Handling notifications and advising a global business on a data breach affecting 25 countries
Producing data transfer agreements and assessments, including UK, EU and Chinese standard contractual clauses for a several multi-nationals
Identifying fundamental compliance weaknesses in the operating model of a data provider, allowing a prospective buyer to invest funds in a target better aligned to its objectives
Creating a direct marketing re-permissioning strategy for a 100m subscriber CRM database that struck a workable balance between the compliance and commercial needs of the business
Liaising with regulators on a series of complex data protection complaints, with resolution in the client’s favour
Creating a policy framework that adopts a practical and streamlined approach to CCTV requests for a client that was increasingly overwhelmed by them
Helping to reduce the scope of (and then fulfilling) a high volume data subject access request spanning numerous group companies, jurisdictions and data types, all within a short space of time
Producing and delivering bespoke, multi-language privacy training videos for a global business
Providing strategic advice to help a client efficiently repaper data transfer clauses for a large volume of its suppliers
Implementing a streamlined remediation plan within a tight budget allowing for optimally cost-effective compliance risk reduction
Assisting a global automotive manufacturer monetise connected car data by relying on privacy enhancing technologies and create pure IP income
Supporting with responses to a data protection regulator’s investigation in relation to a university professor under pressure by a wealthy political figure using data subject rights as a means of censorship
What clients say
“the team punch well above their weight and all take a pragmatic approach to their advice based on their unparalleled experience working with regulators, large multinational, and domestic clients. I think you’d be hard-pressed to find a better privacy team”
“depth of resource within the team, exceptional knowledge of a very technical and evolving area of the law”
“outstanding in managing a significant data incident for our business. Depth of technical knowledge in the team is outstanding and advice is always provided through a sensible commercial lens”
“they fully collaborate with the business and our parties to help find practical, commercial and compliant solutions”
“very good at responding quickly to urgent matters, and excellent at taking complex matters and explaining them in more simple terms so the wider business understands the matter.”
Our insights and community work
Thought leadership
We regularly publish articles and notes on the latest developments and trend. See our insights page for more.
Data protection roundups
We provide a regular roundup with the latest legal and industry developments in the world of privacy and data, sign up to get them delivered straight to your inbox.
Take a look at some of our previous editions below.
We contribute to legislative discourse and policy in a variety ways, including through our role on advisory boards, industry panels and responses to government consultations.
Please see below our recent consultancy responses.
We bring you, Lights, Camera, Privacy!, a podcast series that explores privacy themes within some of the most well-known movies. Whether you're a film buff, a privacy advocate, or simply curious about the intersection of storytelling and privacy, tune in to explore how the big screen tackles privacy.
Listen on Spotify, iTunes or our podcast page, or to a sample episode below.
theJPA.club
We power the Junior Privacy Advisers’ Club (theJPA.club), a unique community aiming to bring together and develop the UK’s aspiring privacy professionals.
The club offers free membership to a diverse community of advisers embarking on their career in data protection and privacy, as well as those that are more established who wish to support the club with its mission. It exists to serve the needs of privacy advisers working as lawyers, DPOs, consultant advisers or other privacy professionals in the UK, whether in the private, public or third sector, including for regulators, NGOs and private practice law firms, as well as in-house.
The club hosts regular events aimed at supporting members’ professional development and to provide networking opportunities.
To find out more about the club and to sign up as a member, visit theJPA.club.
Data Insights x Shoosmiths
Our annual Data Insights conference looks at the year that was in privacy and data, and to the year ahead, with discussions on the latest developments that will shape our future.
There’s no charge to attend, and it is a great opportunity to hear from and meet some of the leading voices in privacy and data.