With one of the biggest and most well-known teams in Europe, Bristows is the go-to firm for pragmatic, expert-informed data protection advice.  Our clients rely on us for guidance on a huge range of data protection issues, with our recommendations always rooted in pragmatism and what will actually work for their business.

Our work is nearly always international, and we are constantly working with our network of overseas data protection counsel to provide a truly global perspective on the law.

We specialise in developing practical and proportionate compliance programmes for organisations, large and small. We have considerable expertise in building GDPR programmes, typically for global companies looking to apply GDPR as their standard internationally. 

We also help companies ensure that specific technology-based products and services meet legal requirements at all stages of development. We have an impressive understanding of how technology works at a data level and are regularly asked to advise on issues such as AI and machine learning, adtech, facial recognition, digital health, app development and cloud computing.

International data transfers are amongst our clients’ biggest concerns, and we are constantly advising organisations on how to ensure their internal and external data flows are lawful, based on the US Privacy Shield and EU Standard Clauses.  We have also have a specialty in developing Binding Corporate Rules for both controllers and processors, and have drafted and negotiated BCRs for some of the world’s largest most well-known companies, with the ‘lead authority’ in the UK, France, Germany or the Netherlands. 

Data subjects’ rights are now something that nearly every business needs to understand and comply with efficiently, and we are experienced at making this happen.  We frequently help our clients to respond to complex requests, whether this involves advising on the best approach or taking the drafting on ourselves.  Alongside this, we focus on developing strategies and training so that organisations can take as much ownership of the response process as they would like, and feel confident about complying with their legal obligations.

Key contact

Mark Watts

Contact

Experience

We have developed and assisted to implement over two hundred GDPR compliance programmes to date. While most of these were global in scope or at least Europe-wide, some were domestic and for smaller UK organisations. Our work involves a full end-to-end service, including information gathering, programme development and deployment, including training and the creation of various governance structures.

We are advising several leading adtech providers and publishers in connection with achieving a good and pragmatic level of compliance with both GDPR and ePrivacy within the Adtech ecosystem. This involves understanding complex technology issues such as ‘real-time bidding’ and ‘header bidding’ at a data-level and determining both the parties’ respective roles – as controller or processor – but also identifying an appropriate lawful basis.

We have had numerous Binding Corporate Rules approved by EU data protection authorities, including for controllers and processors. We did so liaising with ‘lead authorities’ and ‘second reviewers’ across the EU, and for one global multinational have done this in a manner consistent with the APEC Cross Border Privacy Rules.

We advise several of the world’s leading developers of artificial intelligence and machine learning technologies. This includes advising them on their responsibilities with respect to using personal data to train algorithms in a variety of different contexts, including health and medical image data, developing adtech solutions, natural language processing and real-time intrusion detection.

We have advised several manufacturers of Smart TVs and other ‘connected home’ IOT technologies in connection with the deployment of facial recognition, speech-to-text processing, ePrivacy considerations and cross-device advertising.

We are regularly asked to advise on whether and how GDPR applies to companies all over the world which are not established in the EU. This requires us to understand their international business and whether they can be considered as ‘targeting’ or selling goods and services to individuals in the EU. Where GDPR does apply, we have assisted companies in developing mitigation sand compliance strategies.

Latest articles

What others say

“‘One of the best firms in the area’, Bristows LLP has an ‘excellent’ department, which is ‘technically strong, extremely responsive and highly considerate of the client’s needs’. The firm’s contentious strength (in areas including data breaches) sits alongside substantial expertise in global compliance programmes and privacy issues. It advised Google in the EU and US on the development and implementation of a GDPR strategy, and is assisting Samsung Electronics in relation to the data protection elements of its digital marketing operations.”

Legal 500 2017

“Bristows LLP attracts praise for its ‘very strong industry knowledge and commercial acumen’. The practice is headed by ‘effective negotiator’ Mark Watts, who acts for Amazon Web Services and is known for his data protection expertise, and includes Toby Crick, who acts for Ofcom and handles major outsourcing projects; litigation specialist Myles Jelf, who acts for Google and Samsung; and Adrian Sim, who is ‘a pleasure to work with’ and whose clients include Genomics and Capgemini.”

Legal 500 2016

“Bristows LLP typically advises buyers on significant outsourcing transactions. Clients are drawn from a broad range of sectors, but include a number of financial services and technology companies. The firm was selected by Genomics England to act as lead adviser in the procurement of sequencing services from Illumina. Other clients include Capgemini, MasterCard and Guardian News and Media. Mark Watts is the head of the department, which includes Toby Crick, Adrian Sim and Chris Holder, a partner who arrived from Bird & Bird in September 2014.”

Legal 500 2015

Mark Watts, who has ‘incredible knowledge which he applies in a highly commercial way’, leads the team, which was recently bolstered by the arrival of Robert Bond and his team from Charles Russell Speechlys LLP. Of counsel Christopher Millard and Hannah Crowther are also recommended.”

Legal 500 2017

“Bristows LLP has a ‘top-drawer’ practice that acts for Google in ‘right to be forgotten’ cases and assists Dropbox with various issues on a Europe-wide basis. It also advises Sony on product launches and cyber-security issues and acts for mining company BHP Billiton on compliance. Mark Watts is ‘whip-smart, experienced, practical and ethical’.”

Legal 500 2015

“Full-service provision including coverage of cloud computing, Freedom of Information Act (FOIA) matters, healthcare and public sector data management. Particularly strong in litigation. Offers specific expertise in data protection concerning technology innovations.”

Chambers and Partners 2015

“They have a good balance of technical versus legal knowledge. They understand our area better than almost anyone else – they understand the technologies that we have and produce, and understand how we need to work.”

Chambers and Partners 2016

“The team offers broad sector expertise with a focus on emerging, innovative technology. Known for its close working relationships with in-house counsel, strong client list, and ability to handle complex technical matters.”

Chambers and Partners 2015

“The experienced data protection team at Bristows LLP frequently handles complex compliance and strategic matters as well as investigations, breaches and contentious issues.”

Legal 500 2019/2018

“They are incredibly reliable and responsive, and are really detail-oriented lawyers who not only get the space, but who understand technology and the commercial aspects as well.”

Chambers and Partners 2017

“The experienced data protection team at Bristows LLP frequently handles complex compliance and strategic matters as well as investigations, breaches and contentious issues.”

Legal 500 2019/18

“They offer the best practical advice on how to get something done. They offer guidance that helps us understand the risks and the best way of approaching an issue.”

Chambers and Partners 2016

“Bristows is undoubtedly a market leader in data privacy, with a long pedigree in this area of work, a strong roster of clients and excellent lawyers in the field.”

Chambers and Partners 2015

“They give practical, concise and direct advice, and they understand the technology sector very well. They are extremely responsive and quick to communicate.”

Chambers and Partners 2016

“I think they’re top-notch. They have an ability to get what the client’s business interest is, and focus on the issues clearly and keenly.”

Chambers and Partners 2015

“They’re smart, pragmatic and have a spectrum of clients, so they give very thoughtful, useful advice with an eye across many industries”

Chambers and Partners 2019

“An effective unit using their respective knowledge and skills sensibly. They’re aware of what the client needs and they deliver.”

Chambers and Partners 2017

“Bristows LLP ‘stands out as a client-focused firm that goes the extra mile to understand its clients’ commercial needs'”

Legal 500 2019/2018

“Bristows LLP ‘stands out as a client-focused firm that goes the extra mile to understand its clients’ commercial needs'”

Legal 500 2019/2018

“Bristows LLP handles a range of matters in the IT and telecoms space, and acts for clients including IBM, Capgemini and Sony.”

Legal 500 2017

“Bristows are recognised not only for having a strong advisory team, but also great litigation experience in data protection.”

Chambers and Partners 2017

“We have particular confidence in their grasp of technical matters, in addition to the high standard of legal advice.”

Chambers and Partners 2016

“They give a high-quality legal analysis coupled with a fruitful, thoughtful understanding of the way the law works.”

Chambers and Partners 2016

They are particularly distinctive in their market and technology knowledge, as well as their creative and practical approach.

Chambers and Partners 2019

“They are strong on both the technology and commercial sides owing to their powerful IP and data capabilities.”

Chambers and Partners 2019

“They are strong on both the technology and commercial sides owing to their powerful IP and data capabilities.”

Chambers and Partners 2019

“Recent additions to both bench and client roster further strengthen an already top-drawer offering”.

Chambers and Partners 2019

“Their technical expertise is fantastic – they really know their stuff.”

Chambers and Partners 2015

Recent rankings and awards

Data Protection, privacy and cybersecurity - Top tier
Legal 500 UK 2019-2018-2017

IT and Telecoms - Top tier
Legal 500 UK 2019-2018-2017

Data protection - Band 1
Chambers and Partners UK 2019-2016

IT - Band 1
Chambers and Partners UK 2019-2016

Outsourcing - Band 2 
Chambers and Partners UK 2019

Data Protection - Band 3
Chambers and Partners Europe