We understand that data protection and cyber-security regulation can be intimidating. Our lawyers are skilled in making complex data issues simple to understand. We work closely with our clients to identify their needs and deliver practical, commercial and straightforward advice. We deliver training on both data protection and cyber security compliance, and work with clients to develop and deliver bespoke crisis management training to mitigate the risks in the event of a cyber security incident or data protection breach.

Our data protection lawyers are well-versed in providing a crisis management service in respect of data protection and cyber security breaches, as well as advising on responses to subject access requests, investigations by the ICO and full scale GDPR compliance audits.

Our data protection lawyers and cyber specialists can help with all aspects of data protection and cyber security regulation, from simple ad hoc queries and analysis to advice on risk mitigation and breach strategy.

Areas of focus:

Our data protection and cyber security team’s expertise includes:

  • GDPR compliance including aspects of programmatic advertising and artificial intelligence (AI)
  • NIS Regulations compliance
  • EPrivacy and eMarketing issues
  • Cross border data flows and EU-US privacy shield
  • Structuring data protection audits including the development of questionnaires and project plans
  • Developing and reviewing data protection and cyber security policies, procedures, statements and handbooks
  • Complex data sharing arrangements
  • Compliant international data transfers
  • Producing impact assessments and monitoring employees using CCTV, email monitoring and private investigators
  • Responses to subject access requests
  • Compliant disclosure of sensitive or 'special category' information
  • Advising public authorities and institutions on FOIA requests
  • Data protection breach and cyber security incident handling
  • Providing bespoke training on data protection and cyber security
  • Thought leadership on data protection and cyber security issues in new and emerging technologies

Advising numerous clients on GDPR readiness programs including a UK-based, consumer-facing food delivery service, a US-based provider of cloud PaaS services, a UK mutual society, an Asian investment bank, a leading UK transport provider and an international financial services provider

Advising a provider of cloud IT services on GDPR compliance, including international data flows and negotiation of data protection terms in its customer agreements.

Advising an executive non-departmental public body on the management of a third party data breach involving the personal data of its employees, the negotiation of the data protection provisions in contracts for telecommunications services and the drafting of a data processing agreement covering the processing of our client’s data by another regulator.

Producing thought-leadership to inform future data protection and cyber security regulation for self-driving vehicles through our work on projects including FLOURISH, an Innovate UK funded connected and autonomous vehicle project.

Delivering cyber security crisis management training to a market-leading retailer.

Advising an independent business telecommunications provider on its response to an ICO investigation including responding to a Notice of Intent to issue a monetary penalty.

Advising a wealth-screening service provider on the ICO's investigation into data protection practices in the not-for-profit sector.

Advising the Faster Payments Scheme (part of Pay UK) on the GDPR aspects of setting up MITS, the AI enabled platform for participating financial institutions to trace fraud through the Faster Payments Scheme.

Meet the team
Andrew Dunlop

Andrew Dunlop Partner

  • Head of Outsourcing
  • Head of Technology
  • Head of Data Protection
A photo of David Varney

David Varney Partner

  • Data Protection and Cybersecurity
  • Technology and Communications
  • Outsourcing
Lucy Pegler

Lucy Pegler Partner

  • Technology and Communications
  • Data Protection and Cybersecurity
  • Outsourcing

Key contact

Andrew Dunlop

Andrew Dunlop Partner

  • Head of Outsourcing
  • Head of Technology
  • Head of Data Protection

BScale: Legal services for start-ups

Burges Salmon Artificial Intelligence (AI) Law, Regulation and Policy Glossary

Subscribe to news and insight

Burges Salmon careers

We work hard to make sure Burges Salmon is a great place to work.
Find out more