With one of the biggest and most well-known teams in Europe, Bristows is the go-to firm for pragmatic, expert-informed data protection advice. Our clients rely on us for guidance on a huge range of data protection issues, with our recommendations always rooted in pragmatism and what will actually work for their business.

Our work is nearly always international, and we are constantly working with our network of overseas data protection counsel to provide a truly global perspective on the law.

We specialise in developing practical and proportionate compliance programmes for organisations, large and small. We have considerable expertise in building GDPR programmes, typically for global companies looking to apply GDPR as their standard internationally. 

We also help companies ensure that specific technology-based products and services meet legal requirements at all stages of development. We have an impressive understanding of how technology works at a data level and are regularly asked to advise on issues such as AI and machine learning, adtech, facial recognition, digital health, app development and cloud computing.

International data transfers are amongst our clients’ biggest concerns, and we are constantly advising organisations on how to ensure their internal and external data flows are lawful, in light of changing case law and guidance. We also have a specialty in developing Binding Corporate Rules for both controllers and processors, and have drafted and negotiated BCRs for some of the world’s largest most well-known companies, with the ‘lead authority’ in the UK, France, Germany or the Netherlands. 

Data subjects’ rights are now something that nearly every business needs to understand and comply with efficiently, and we are experienced at making this happen.  We frequently help our clients to respond to complex requests, whether this involves advising on the best approach or taking the drafting on ourselves.  Alongside this, we focus on developing strategies and training so that organisations can take as much ownership of the response process as they would like, and feel confident about complying with their legal obligations.

Key contacts

Mark Watts

Contact

Marc Dautlich

Contact

Publications

Data Protection Top 10

Read here

Experience

We have developed and assisted to implement over two hundred GDPR compliance programmes to date. While most of these were global in scope or at least Europe-wide, some were domestic and for smaller UK organisations. Our work involves a full end-to-end service, including information gathering, programme development and deployment, including training and the creation of various governance structures.

We are advising several leading adtech providers and publishers in connection with achieving a good and pragmatic level of compliance with both GDPR and ePrivacy within the Adtech ecosystem. This involves understanding complex technology issues such as ‘real-time bidding’ and ‘header bidding’ at a data-level and determining both the parties’ respective roles – as controller or processor – but also identifying an appropriate lawful basis.

We have had numerous Binding Corporate Rules approved by EU data protection authorities, including for controllers and processors. We did so liaising with ‘lead authorities’ and ‘second reviewers’ across the EU, and for one global multinational have done this in a manner consistent with the APEC Cross Border Privacy Rules.

We advise several of the world’s leading developers of artificial intelligence and machine learning technologies. This includes advising them on their responsibilities with respect to using personal data to train algorithms in a variety of different contexts, including health and medical image data, developing adtech solutions, natural language processing and real-time intrusion detection.

We have advised several manufacturers of Smart TVs and other ‘connected home’ IOT technologies in connection with the deployment of facial recognition, speech-to-text processing, ePrivacy considerations and cross-device advertising.

We are regularly asked to advise on whether and how GDPR applies to companies all over the world which are not established in the EU. This requires us to understand their international business and whether they can be considered as ‘targeting’ or selling goods and services to individuals in the EU. Where GDPR does apply, we have assisted companies in developing mitigation and compliance strategies.

Latest articles

What others say

“You are confident you will get really sound advice from them.”

Chambers and Partners Europe 2021

“It is a great comfort to us that the individuals we are in contact with work closely as a team and help us keep all legal matters joined up and addressed consistently.”

Chambers and Partners Global 2021

“There is a lot of expertise in the firm and the lawyers collaborate to provide the best service to their clients.”

Chambers and Partners Global 2021

“You are confident you will get really sound advice from them.”

Chambers and Partners Global 2021

Bristows has “a strong name within multi-jurisdictional IP and data protection matters.”

Chambers and Partners Global 2021

“I would not hesitate to recommend their services to others.”

Chambers and Partners Global 2021

“Every member of the team we have worked with has been knowledgeable, pragmatic and responsive.”

Chambers and Partners Global 2021

“Terrific at IP and advertising work.”

Chambers and Partners 2021

“They’re efficient, responsive and provide good-quality strategic advice.”

Chambers and Partners 2021

“Accomplished advisers to clients in the gaming sector on IP and regulatory issues.”

Chambers and Partners 2021

“A leading destination for advice with regard to digital health and medtech, and associated data privacy issues.”

Chambers and Partners 2021

“There is a lot of expertise in the firm and the lawyers collaborate to provide the best service to their clients”.

Chambers and Partners 2021

“They know the law and they also realise that clients need pragmatic, risk-based advice which can be utilised within a commercial environment.”

Chambers and Partners 2021

“They [Bristows] are at the top of their game.”

Chambers and Partners 2021

Bristows “enjoys a reputation as a go-to practice for cross-border privacy disputes and regulatory concerns.”

Chambers and Partners 2021

“Extremely experienced and accomplished solicitors specialising in data protection from both advisory and contentious perspectives.”

Chambers and Partners 2021

“Broad range of skills, good and cost effective advice.”

Legal 500 2021

“Clear understanding of the technology and specifically fintech/insurtech market.”

Legal 500 2021

“They have deep professional relationships with a wide swath of organisations in every industry as well as with regulators.”

Legal 500 2021

“They are extremely experienced, thoughtful, pragmatic and measured.”

Legal 500 2021

“Bristows’ data protection practice is the best data privacy practice out there — bar none.”

Legal 500 2021

“Unparalleled breadth and quality of expertise in the field with an ability to address both data protection compliance issues and contentious privacy litigation.”

Legal 500 2021

“I enjoy working with Bristows.”

Legal 500 2021

“Good at maintaining position as a trusted adviser.”

Legal 500 2021

“Due to size managing, case load may be challenging at times but this has never been an issue because the quality of the deliverables has consistently been very high.”

Legal 500 2021

“Very capable and knowledgeable team with excellent leadership.”

Legal 500 2021

Bristows have “a strong bench of practitioners.”

Legal 500 2021

“Bristows has met and exceeded our standards and expectations.”

Chambers and Partners Global 2020

Recent rankings and awards

Data Protection, Privacy and Cybersecurity - Tier 1

IT and Telecoms - Tier 1

Fintech - Tier 3

Reputation Management - Tier 4

Data Protection - Band 1

IT - Band 1

Outsourcing - Band 2

Data Protection - Band 3

Leading Firm

GDR 100

Data Protection - Band 3

Data Protection & Cybersecurity

IT & Telecoms