Comprehensive advice on the law concerning privacy and the processing of personal data, including direct marketing, overseas transfers and the EU General Data Protection Regulation

The General Data Protection Regulation

No European or international business of any size can have failed to notice the entry into force of the GDPR in May 2018.  The GDPR requires the thorough re-evaluation of all internal policies and procedures concerning the processing of personal data, backed up by greatly increased penalties for non-compliance.  We are experts in this field and can advise on all aspects of this fundamental piece of legislation.

Contracts for data processing

In the EU it is a legal requirement that all contracts governing the processing of personal data must meet specified minimum requirements, which are extensive in their scope and effect. We can advise on contracts in all fields relating to data processing, such as HR, outsourcing, marketing and online services, amongst many other examples.

International data transfers

The GDPR and several other national laws around the world restrict the export of personal data. We have very extensive experience in the field of international data transfers, especially in the context of transfers for litigation purposes, model contract clauses and the differing regulatory requirements in countries worldwide.


Data protection law imposes strict regulation on the use of personal data for marketing purposes.  The penalties for misuse are becoming fiercer.  We can advise on the limits of lawful use, the drafting of internal policies and the notices to be given to data subjects when data is being collected.


Security breaches cause great concern to individuals and have also been responsible for most of the large fines imposed by EU regulators.  No organisation can be complacent about security, and the task of ensuring continued compliance is made much more difficult by the increasing prevalence of cyberattacks.  We can advise on the security standards which regulators are likely to expect, methods of demonstrating compliance, and on how to deal with regulators and individuals in the event of a security breach.


Litigation in the data protection field is a rapidly growing area, with many cases going through the courts.  This has increased as a result of the introduction of the GDPR, which contains clearer rights for data subjects to obtain compensation for data misuse, and vastly higher penalties for data controllers who break the law.

The protection of corporate information

We have extensive experience on matters relating to the protection of information, including the preparation of non-disclosure agreements, advising on trade secrets and confidential information, employment contract covenants, and rights to information in databases.

Key services

  • Data privacy audits, to check that processing is in compliance with current legislation
  • Advice on the meaning and interpretation of data protection law
  • Creation and implementation of data protection policies
  • Advice on data breaches, including procedures, responses and notifications
  • Cybersecurity – assessment of legal risk and advice on steps to mitigate that risk
  • Advice on privacy issues arising in the course of M&A and other transactions
  • Assistance with responses to subject access requests
  • Advice on criminal aspects of data protection legislation
  • Advice on the protection of corporate information, including trade secrets, confidential information and database rights
  • Advice on employment contract covenants
  • Assistance with defamation claims
  • Training, including the development of privacy training programmes
  • Litigation relating to privacy and data protection
  • Advice on the impact of relevant telecommunications legislation

Key people

Our practice is headed by Quentin Archer.  Quentin has been a leading figure in the world of privacy and data protection for many years.  He is currently recognised by Chambers 2019 as one of three “senior statespersons” in the field in the UK.

Quentin has spoken on privacy issues at many national and international conferences.  For several years he was co-chairman of the influential Sedona Conference working group on e-discovery and data privacy, whose work was commended by the EU Article 29 Working Party, and chaired several of their conferences.  He is also a regular chairman at the IT Summer Law School in Cambridge, England.

He is supported by Graham Cunningham, a Legal Adviser to the firm.  Graham has been involved in data protection and confidential information issues both in industry and private practice for over 40 years. This has included the drafting of policies, litigation and advisory work.

What our clients say

“The ‘excellent’ Quentin Archer is noted for his experience with regard to data protection and cybersecurity. He also advises on outsourcing projects and fintech products.  Sources say he is ‘very knowledgeable, reasonable and good to work with.’ “

[Chambers Guide, 2017]


  • What will Trump mean for transborder data flows?, Europe Data Protection Digest, December 2016 (see here for article) and Privacy Perspectives, December 2016 (see here for article)
  • The Citizen and the Litigant – Balancing Interests in the Digital Age, Sedona Conference Journal, Fall 2015, Vol. 16, p311 (see here for article)