Privacy & data

Data transcends borders, and so do we.

Get tailored global privacy solutions and practical advice from our leading privacy and data professionals.

Welcome to the Shoosmiths Privacy & Data Team.

We are a truly full-service privacy and data practice that sets itself apart: over 20 dedicated advisers and sector specialists, offering global support and technology solutions, all informed by an incredible level of commercial and in-house experience, including with leading privacy regulators.

To help navigate this page, here is a list of what we cover in detail below:

  • How we can help
  • An overview of our services
  • Our key products
  • What makes us special
  • Who we work with
  • What our clients say
  • Our experience
  • Our insights and community work

How we can help

We can shape your privacy and data function in the following ways:

  • Build: we design, build and implement the foundations of your privacy, AI, cyber and other data compliance, on a global scale
  • Support: we provide business-as-usual and ad-hoc support, including a fully outsourced DPO service
  • Optimise: we use our experience to transform your data function into a centre of excellence
  • Protect: we advise you on security laws and standards to help you keep your data and systems safe, secure and resilient
  • Commercialise: we offer data licensing, IP and consultancy advice to make sure you leverage your data to its fullest potential
  • Resolve: we help steer you through complex data complaints, disputes and investigations, and support you in times of crisis

An overview of our services

We provide fully tailored privacy and data services, which can be scaled up or down to meet your requirements. This lets you stay in control of your privacy compliance and commercial data budget with the scope, and flexibility, that works for you.

Details make the difference, so we have put together a snapshot of what we offer to businesses and organisations of all shapes and sizes:

BUILD

SUPPORT

OPTIMISE

PROTECT

COMMERCIALISE

RESOLVE
  • Audit & gap analysis
  • Data mapping
  • Documentation
  • Implementation
  • Registration & representation
  • Global & group compliance including Binding Corporate Rules
  • Advice & training
  • Data breaches
  • Routine data subject & third party rights requests and complaints
  • Policy, notice & register maintenance
  • Risk & role assessments
  • Contracts & procurement
  • Cross-border data transfers
  • Projects & privacy by design
  • Industry & function-specific advice including life-sciences, charities, financial services, HR, marketing and surveillance
  • Governance & awareness
  • Strategic advice
  • Technology implementation
  • Workflow & process improvement
  • Cyber-security & resiliency
  • Industry standards
  • Online safety & product conformity
  • Data monetisation & acquisition
  • Data licensing & APIs
  • Data & digital service contracts
  • IP protection
  • M&A support
  • Specialist technology advice including on Adtech, AI and Web3
  • Disputes & legal proceedings
  • Complex data subject complaints
  • Large-scale data subject access requests
  • Regulatory enquiries & investigations
  • Crisis response and breach management

Our key products

Resource Solutions

Resource Solutions
DPO Services

DPO Services
Automated Privacy Compliance

Automated Privacy Compliance
Resiliency by Shoosmiths

Resiliency by Shoosmiths
UK Representative Service

UK Representative Service
SHOC 24

SHOC 24

What makes us special

  • We focus on the practical. We ask ourselves ‘so what?’, every time.
  • We deliver one-stop global solutions. Need to check if there’s soft opt-in for Senegal? No problem.
  • We are dedicated to data, with IAPP-certified advisers and the right person for the job at every level.
  • We have worked in-house so we know the importance of commerciality. We have worked with regulators, so we know the value of prudence.
  • We are more than privacy compliance experts. From AI to AR, FOIA to FISA, we have you covered.
  • We keep you informed so you won’t miss a beat.
  • We offer products designed to take away your privacy governance pain points.
  • We are an active voice in the privacy and data community and are proud to make our mark.

Who we work with

Our experience

From Harry Potter to Cambridge Analytica, members in our team have advised at the pinnacle of privacy and data for over 25 years, so you are in safe hands.

We have helped hundreds of clients navigate and prepare for data protection and privacy laws all around the world. This includes every legislative acronym bar none, including the EU/UK GDPR, DPA, PECR, NIS, FOIA, CCPA/CPRA, DMA and DSA.

Here are just a few examples of our work and the challenges we have helped our clients to overcome:

  • Acting as an outsourced data protection officer/manager for several global organisations, including in the leisure, advertising, real estate, technology, life sciences and retail sectors
  • Delivering a fully configured OneTrust instance and tailored assessments to build a processing and systems inventory for a data mapping project covering 300 business departments
  • Providing resource solutions to the UK Information Commissioner’s Office (ICO), a global FMCG and retail business in the top 5 of the FTSE, and Japanese headquarters of a leading automotive manufacturer
  • Advising on over 20 BCRs applications including the world’s first GDPR controller/processor BCR approved by the EDPB
  • Litigating a £multi-million dispute arising from a data breach in a precedent-setting claim, and handling notifications to the ICO, FCA, data subjects and police
  • Avoiding a costly corporate reorganisation for a retail client by helping to establish a customer reward scheme operating across several companies in the client’s group
  • Handling notifications and advising a global business on a data breach affecting 25 countries
  • Producing data transfer agreements and assessments, including UK, EU and Chinese standard contractual clauses for a several multi-nationals
  • Identifying fundamental compliance weaknesses in the operating model of a data provider, allowing a prospective buyer to invest funds in a target better aligned to its objectives
  • Creating a direct marketing re-permissioning strategy for a 100m subscriber CRM database that struck a workable balance between the compliance and commercial needs of the business
  • Liaising with regulators on a series of complex data protection complaints, with resolution in the client’s favour
  • Creating a policy framework that adopts a practical and streamlined approach to CCTV requests for a client that was increasingly overwhelmed by them
  • Helping to reduce the scope of (and then fulfilling) a high volume data subject access request spanning numerous group companies, jurisdictions and data types, all within a short space of time
  • Producing and delivering bespoke, multi-language privacy training videos for a global business
  • Providing strategic advice to help a client efficiently repaper data transfer clauses for a large volume of its suppliers
  • Implementing a streamlined remediation plan within a tight budget allowing for optimally cost-effective compliance risk reduction
  • Assisting a global automotive manufacturer monetise connected car data by relying on privacy enhancing technologies and create pure IP income
  • Supporting with responses to a data protection regulator’s investigation in relation to a university professor under pressure by a wealthy political figure using data subject rights as a means of censorship

 

What clients say

“the team punch well above their weight and all take a pragmatic approach to their advice based on their unparalleled experience working with regulators, large multinational, and domestic clients. I think you’d be hard-pressed to find a better privacy team”

“depth of resource within the team, exceptional knowledge of a very technical and evolving area of the law”

“outstanding in managing a significant data incident for our business. Depth of technical knowledge in the team is outstanding and advice is always provided through a sensible commercial lens”

“they fully collaborate with the business and our parties to help find practical, commercial and compliant solutions” 

“very good at responding quickly to urgent matters, and excellent at taking complex matters and explaining them in more simple terms so the wider business understands the matter.”

Legal 500 Top Tier 2024   Chambers 2024     GDR 100 2024

 

Our insights and community work

Thought leadership

We regularly publish articles and notes on the latest developments and trend. See our insights page for more.

Data protection roundups

We provide a regular roundup with the latest legal and industry developments in the world of privacy and data, sign up to get them delivered straight to your inbox.

Take a look at some of our previous editions below.

 

Download

Download

Download

Policy and industry work

We contribute to legislative discourse and policy in a variety ways, including through our role on advisory boards, industry panels and responses to government consultations.

Please see below our recent consultancy responses.

ICO Anonymisation Guidance

September 2022

ICO Children’s Code

December 2022

Sir Patrick Vallance Review (barriers to economic growth)

January 2023

EDPB Guidance survey

February 2023

ICO Data Transfers Listening Workshop

March 2023

DPDI2 Bill

May 2023

ICO Biometric Data Guidance

October 2023

EDPB Guidance on ePrivacy Article 5(3)

January 2024

EU Commission - GDPR

February 2024

ICO generative AI guidance Parts 1 and 2

April 2024

 

iapp Silver Member logo

 

 

 

We are proud to be a Silver Member of the International Association of Privacy Professionals.

 

Lights, Camera, Privacy! podcast

We bring you, Lights, Camera, Privacy!, a podcast series that explores privacy themes within some of the most well-known movies. Whether you're a film buff, a privacy advocate, or simply curious about the intersection of storytelling and privacy, tune in to explore how the big screen tackles privacy.

Listen on Spotify, iTunes or our podcast page, or to a sample episode below.

 

theJPA.club

theJPA.club

We power the Junior Privacy Advisers’ Club (theJPA.club), a unique community aiming to bring together and develop the UK’s aspiring privacy professionals.

The club offers free membership to a diverse community of advisers embarking on their career in data protection and privacy, as well as those that are more established who wish to support the club with its mission.  It exists to serve the needs of privacy advisers working as lawyers, DPOs, consultant advisers or other privacy professionals in the UK, whether in the private, public or third sector, including for regulators, NGOs and private practice law firms, as well as in-house.

The club hosts regular events aimed at supporting members’ professional development and to provide networking opportunities.

To find out more about the club and to sign up as a member, visit theJPA.club.

Data Insights x Shoosmiths

Our annual Data Insights conference looks at the year that was in privacy and data, and to the year ahead, with discussions on the latest developments that will shape our future.

There’s no charge to attend, and it is a great opportunity to hear from and meet some of the leading voices in privacy and data.

To find out more about the conference please see Privacy & data events.

To watch sessions from this year’s conference, please see Data Insights x Shoosmiths 2024.

Data Insights x Shoosmiths

Meet the team

Insights

Read the latest articles and commentary from Shoosmiths or you can explore our full insights library.