Skip to content

With one of the biggest and most well-known teams in Europe, Bristows is the go-to firm for pragmatic, expert-informed data protection advice. Our clients rely on us for guidance on a huge range of data protection issues, with our recommendations always rooted in pragmatism and what will actually work for their business.

Our work is nearly always international, and we are constantly working with our network of overseas data protection counsel to provide a truly global perspective on the law.

We specialise in developing practical and proportionate compliance programmes for organisations, large and small. We have considerable expertise in building GDPR programmes, typically for global companies looking to apply GDPR as their standard internationally. 

We also help companies ensure that specific technology-based products and services meet legal requirements at all stages of development. We have an impressive understanding of how technology works at a data level and are regularly asked to advise on issues such as AI and machine learning, adtech, facial recognition, digital health, app development and cloud computing.

International data transfers are amongst our clients’ biggest concerns, and we are constantly advising organisations on how to ensure their internal and external data flows are lawful, in light of changing case law and guidance. We also have a specialty in developing Binding Corporate Rules for both controllers and processors, and have drafted and negotiated BCRs for some of the world’s largest most well-known companies, with the ‘lead authority’ in the UK, France, Germany or the Netherlands. 

Data subjects’ rights are now something that nearly every business needs to understand and comply with efficiently, and we are experienced at making this happen.  We frequently help our clients to respond to complex requests, whether this involves advising on the best approach or taking the drafting on ourselves.  Alongside this, we focus on developing strategies and training so that organisations can take as much ownership of the response process as they would like, and feel confident about complying with their legal obligations.

Key contacts

Mark Watts

Contact

Marc Dautlich

Contact

Publications

Data Protection publication

Read here

Experience

We have developed and assisted to implement over two hundred GDPR compliance programmes to date. While most of these were global in scope or at least Europe-wide, some were domestic and for smaller UK organisations. Our work involves a full end-to-end service, including information gathering, programme development and deployment, including training and the creation of various governance structures.

We are advising several leading adtech providers and publishers in connection with achieving a good and pragmatic level of compliance with both GDPR and ePrivacy within the Adtech ecosystem. This involves understanding complex technology issues such as ‘real-time bidding’ and ‘header bidding’ at a data-level and determining both the parties’ respective roles – as controller or processor – but also identifying an appropriate lawful basis.

We have had numerous Binding Corporate Rules approved by EU data protection authorities, including for controllers and processors. We did so liaising with ‘lead authorities’ and ‘second reviewers’ across the EU, and for one global multinational have done this in a manner consistent with the APEC Cross Border Privacy Rules.

We advise several of the world’s leading developers of artificial intelligence and machine learning technologies. This includes advising them on their responsibilities with respect to using personal data to train algorithms in a variety of different contexts, including health and medical image data, developing adtech solutions, natural language processing and real-time intrusion detection.

We have advised several manufacturers of Smart TVs and other ‘connected home’ IOT technologies in connection with the deployment of facial recognition, speech-to-text processing, ePrivacy considerations and cross-device advertising.

We are regularly asked to advise on whether and how GDPR applies to companies all over the world which are not established in the EU. This requires us to understand their international business and whether they can be considered as ‘targeting’ or selling goods and services to individuals in the EU. Where GDPR does apply, we have assisted companies in developing mitigation and compliance strategies.

Resources

Latest articles

What others say

“The team offers extensive expertise in and deep understanding of the complexities of data protection laws. They stay ahead of legislative changes so that their advice is always up to date.”

Chambers & Partners 2025

“Bristows’ team is very pragmatic and to the point. They don’t overcomplicate things. They think like in-house lawyers and are my go-to.”

Chambers & Partners 2025

“Great sector knowledge and technical legal know-how for traditional and new media.”

Legal 500 2025

“They provide a Rolls Royce service, working with the top barristers in the field to ensure a positive outcome for their client in litigation.”

Legal 500 2025

“Particularly strong on online publications where the firm has a wealth of technical expertise.”

Legal 500 2025

“The reputation management team at Bristows is exceptional. They are intensely focused, always practical, and have an excellent ability to keep an eye on the overall direction of travel of case while being right across the detail.”

Legal 500 2025

“One of the few firms with the ability to offer advice across the spectrum, from defamation to data privacy. They have a stellar data protection practice which is now supplemented with a genuinely excellent media and reputation management team.”

Legal 500 2025

“The TMT team is a market leader. As a team the market experience is exceptional across the board. But it is the positive and creative way in which this team works with the wider team which is exceptional. Everyone’s input is encouraged and valued such that clients feel involved but looked after. As everyone’s capabilities are allowed to flourish, across the team there is a focus on the commercial significance of the dispute but also on the legal niceties. The team have both the resources and skills necessary to manage substantial litigation and arbitration approaching such disputes with good humour, hard work and creativity.”

Legal 500 2025

“Thorough preparation and detailed case knowledge combined with good strategic advice.”

Legal 500 2025

“A very client-focused attitude combined with excellent strategic advice, considering our overall objectives. The team shows great flexibility and strength in depth, always fully up to speed with the matters at hand. Has also been willing to discuss alternative billing arrangements which have proved mutually beneficial. Billing transparency one of the best among the many law firms we use.”

Legal 500 2025

“Very responsive and knowledgeable team.”

Legal 500 2025

“The team combines technical excellence with a pragmatic and commercial approach. They have taken the time to get to know our business and tailor advice accordingly.”

Legal 500 2025

“They have lawyers who understand the need for a company to be practical, so there is a good balance of legal analysis, and practical and actionable solutions.”

Legal 500 2025

“The Bristows team has a very strong focus on interpersonal relationships. Everything just happens in a very smooth way to a high level of satisfaction.”

Legal 500 2025

“They have multiple experts with a broad range of experience in matters that range from litigation to compliance counselling.”

Chambers and Partners Europe 2024

“They have a great ability to find pragmatic and simple solutions to complex issues.”

Chambers and Partners Europe 2024

“I was thoroughly impressed with their expertise and professionalism. I have worked with law firms from all around the world and Bristows for sure is among the best ones. What makes Bristows practice unique is their ability to combine deep legal knowledge with a practical, business-focused approach.”

Legal 500 2024

“Their advice is always practical, realistic and adaptable.”

Chambers and Partners 2023

“Bristows have an incredible depth and breadth of experience.”

Chambers and Partners 2023

“Bristows has a comprehensive IT practice with powerful resources for major commercial transactions and complex litigation. It advises many of the world’s leading technology companies, and also sophisticated blue-chip buyers of IT services. It is especially adept at providing counsel on the most current and cutting-edge issues in the technology space.”

Chambers and Partners 2023

“They are extremely responsive both to acknowledge a query and then to respond to it and are always mindful of the time frames given.”

Chambers and Partners 2023

“Clients use them because of their sector expertise and their understanding of commercial organisations needing to deliver pragmatic privacy guidance with a commercial steerage.”

Chambers and Partners 2023

“They are technically very strong, giving us great confidence in their advice.”

Chambers and Partners 2023

“The Bristows reputation management team is small but experienced and has the advantage of being able to offer cross-expertise to other Bristows specialist departments such as data protection, copyright and IT generally. In the internet age that is very valuable.”

 

Legal 500 2023

“Excellent depth of technical and market knowledge in relation to new media e.g. online platforms, search engines etc. make Bristows an obvious choice for online reputation management issues.”

Legal 500 2023

“Definitely one of the go to firms for organisations in the media and tech field facing complex and challenging litigation in the reputation management area.”

Legal 500 2023

“Outstanding technical ability coupled with first rate people skills and exceptional practical outcomes. This is a rare team with quality from top to bottom. The associates and trainees are as outstanding as the partners at the very top. This means cases can be run practically and sensibly leading to excellent results.”

Legal 500 2023

“One of the very few firms able to offer legal advice across the entire reputation management spectrum, from defamation to data privacy.”

Legal 500 2023

Recent rankings and awards

FinTech Legal: Data Protection and Cyber Security - Band 1

Data Protection & Information Law - Band 1

Reputation management - Tier 2

Data Protection - Band 3

Data protection, privacy and cybersecurity - Tier 1

FinTech Legal: Data Protection & Cyber Security - Band 1

Data Protection (Europe-wide) - Band 3

Data Protection in Global: Multi-Jurisdictional - Band 3

Data Protection (Europe wide) - Band 3

Data Protection, Privacy and Cybersecurity - Tier 1

Data Protection in Global: Multi-Jurisdictional - Band 3

Commended for Technology, Media & Telecoms

Information Technology and Outsourcing - Band 1

Data Protection - Band 1

Technology, Media and Telecoms - Tier 2

Reputation Management - Tier 3

Fintech - Tier 3

IT and Telecoms - Tier 1