With one of the biggest and most well-known teams in Europe, Bristows is the go-to firm for pragmatic, expert-informed data protection advice. Our clients rely on us for guidance on a huge range of data protection issues, with our recommendations always rooted in pragmatism and what will actually work for their business.
Our work is nearly always international, and we are constantly working with our network of overseas data protection counsel to provide a truly global perspective on the law.
We specialise in developing practical and proportionate compliance programmes for organisations, large and small. We have considerable expertise in building GDPR programmes, typically for global companies looking to apply GDPR as their standard internationally.
We also help companies ensure that specific technology-based products and services meet legal requirements at all stages of development. We have an impressive understanding of how technology works at a data level and are regularly asked to advise on issues such as AI and machine learning, adtech, facial recognition, digital health, app development and cloud computing.
International data transfers are amongst our clients’ biggest concerns, and we are constantly advising organisations on how to ensure their internal and external data flows are lawful, based on the US Privacy Shield and EU Standard Clauses. We also have a specialty in developing Binding Corporate Rules for both controllers and processors, and have drafted and negotiated BCRs for some of the world’s largest most well-known companies, with the ‘lead authority’ in the UK, France, Germany or the Netherlands.
Data subjects’ rights are now something that nearly every business needs to understand and comply with efficiently, and we are experienced at making this happen. We frequently help our clients to respond to complex requests, whether this involves advising on the best approach or taking the drafting on ourselves. Alongside this, we focus on developing strategies and training so that organisations can take as much ownership of the response process as they would like, and feel confident about complying with their legal obligations.