Data Protection
Over 70% of countries around the world already have data protection laws. Others are adopting new laws. Implementing data protection policies and practices that are simple, strategic and actionable is crucial for any global organisation to maintain trust, stay compliant, and empower trade.
Our Expertise
We believe data protection should be a business enabler, not a business blocker. We help clients to realise the value of their data assets in ways that take account of their legal responsibilities, business objectives, and risk exposure.
We’re experts in data protection law, but we do more than simply recite the law. We take account of the strategic, commercial and practical implications of our advice. We ask ourselves: What precedent will our advice set? What wider legal, ethical and practical issues apply? Can our advice be operationalised? What reputational impacts would a proposed course of action have?
Through Digiphile’s own expert advisers, and by leveraging relationships with local data protection specialists around the world, we can advise you on your data protection needs throughout the UK, Europe and beyond.
Data Governance
We advise on all aspects of our clients' data protection governance, from data mapping and records of processing, to comprehensive internal data protection policies and procedures, to international data transfer solutions (BCRs, Standard Contractual Clauses and the EU-US Data Privacy Framework), through to education, training and awareness.
Privacy and Product
We counsel clients on the data protection considerations of any new product or service launch, including on data protection by design and data protection by default, profiling and advertising rules, direct marketing campaigns, Children's Code compliance and more.
Crisis Response
Data security incidents are an unfortunate fact of life. We advise clients on their legal responsibilities when they suffer an incident, including throughout their investigation and mitigation processes and on their reporting duties to regulators, customers, and impacted data subjects throughout the UK, Europe and beyond. We also support our clients on wider complaints, investigations and enforcement actions by regulators, customers and data subjects alike.
Should we adopt the GDPR as a global standard?
The GDPR is an EU data protection law that came into effect in 2018 and, when the UK left the EU, was saved into UK law – meaning that there is now both an EU GDPR and a UK GDPR. Collectively, they broadly apply to businesses around the world that do business in the EU and UK, and many other countries have amended their own laws to include standards that are “GDPR-like”. For that reason, many organisations perceive the GDPR to be a high-water mark for compliance, and use the GDPR to design their global data protection policies and practices.
Is there one set of data protection rules I can follow to be compliant everywhere?
Yes and no. As with any area of law, different regions and countries can have different rules. For example, while the EU GDPR mostly applies uniformly throughout EU Member States, there are still some differences that exist at an individual country level. However, there are a number of core principles – called “fair information practices” – that are common in most data protection laws around the world. These include principles of notice, lawfulness, purpose-limitation, access, and security. Compliance with these common principles, while it won’t guarantee compliance in any given country, will get you 80% of the way there and help to manage risk on a global basis.
We've had a data security incident - what should we do?
Act quickly. Your priority, of course, should always be to investigate and stop any ongoing breach as soon as possible. However, you may also need to report the breach to regulators, customers and/or affected individuals. In many countries, there can be strict timelines for reporting these incidents – for example, in the EU and UK, reports are expected to be submitted within 72 hours of becoming aware of a personal data breach. Contact us if you require further advice.
Personal data just means someone's name and contact details, doesn't it?
No. Personal data means any information that relates to an identified or identifiable individual. It includes data that identifies an individual directly (such as their name and contact details), but also data that can identify individuals indirectly – for example, IP addresses or cookie data, which can be used to single out individuals and target them online even if their name and contact details aren’t known.
Do you have template documents you can provide to help us be compliant?
Yes. At Digiphile, we maintain a set of standard data protection template documents (from privacy notices, to data processing agreements, to data transfer agreements) that we can sell to clients at flat fee pricing to help them with their compliance. Contact us for more information.
Frequently Asked Questions
Please reach out to our team if your question is not listed here. Our experts are always ready to provide the guidance and support you need.