Data, Privacy and Cyber

We can help you harness the power of the data you hold whilst ensuring that you are acting in accordance with legal and regulatory requirements, as well as maintaining customer, employee and public trust. We also support when things go wrong and an urgent response is needed to a cyber-incident, regulator enquiry or privacy claim.


We can support you with queries of all sizes and complexities, ranging from your everyday needs to strategic advice and complex projects and from one-off misdirected emails to complex ransomware incidents.

Our team is recognised for its practical, pragmatic approach. We pride ourselves on our ability to digest complex issues of law and regulation into accessible, commercial advice, enabling our clients to maximise their use of data and respond to challenges whilst managing complex risks.

We regularly initiate protective legal proceedings for clients, including injunctive relief. Successful proceedings include persons unknown proceedings following cyber-attacks and applications against rogue individuals. We also have extensive expertise and experience in defending individual and mass privacy claims.

Many of our clients are part of a global group. We are able to draw upon expertise across our international offices and network of trusted partners to provide a solution for handling significant projects, or responding to global incidents.

We advise clients across all sectors but have particular expertise in advising clients in financial services (includes insurance); health and social care; real estate; and technology. This sector expertise means that our lawyers are able to advise specifically in the context of industries which have their own, unique challenges.

As well as providing bespoke solutions to our client's needs, we have specific, fully outsourced offerings which includes data protection healthchecks, handling of data subject access requests, corporate due diligence and data breach response planning. We also provide cyber insurance incident response services.

Featured experience

  • Advising a global health tech company using AI to improve patient health outcomes on their entry into the UK market and establishment of a worldwide performance benchmarking programme.
  • Leading a series of complex data protection impact assessments for an insurer relating to the use of personal data for pricing, claims handling and fraud detection.
  • Advising clients facing regulatory action, with successful appeals against regulatory sanctions.
  • Acting in cyber and privacy litigation, including persons unknown injunctions (Ince Group, Pendragon, Armstrong Watson), injunctive proceedings against known persons (Notting Hill Genesis) and some of the leading defensive privacy cases (e.g. Johnson v Eastlight [2021]).
  • Advising an investment bank on complex employee privacy matters and providing a fully outsourced end to end subject access request service.
  • Advising on the use of facial recognition technology.
  • Strategic advice regarding the use of footfall analytics technology.
  • Advising a data science accreditation provider on its data protection strategy including for data transfers post Schrems II.
  • Advising a leading chain of private fitness and leisure clubs in relation to data protection considerations arising out of the launch of a member app.
  • Supporting an international fintech supplier in relation to various data protection issues, including overseas transfers, liability for data protection breaches and obtaining consent for direct marketing contents.

Are you ready for the EU Digital Operational Resilience Act?

What our clients say

  • DAC Beachcroft LLP‘s team is ‘at the cutting edge of the law’ and geared to handle both contentious and non-contentious work, including ICO investigations, data subject access requests, class litigation, international data transfers and compliance matters.

    Chambers & Partners, Data Protection & Information Law

  • Great team focused on building effective client relations with good turnaround and industry focused expertise.

    Legal 500 UK 2023 Edition, Data Protection, Privacy & Cybersecurity

  • Co-practice head Jade Kowalski is especially sought after by clients in the insurance, financial services and tech sectors to advise on data transfers. Co-practice head Hans Allnutt is an expert in cybersecurity matters, ransomware attacks and litigation.

    Legal 500 UK 2023 Edition, Data Protection, Privacy & Cybersecurity

  • Their knowledge of employment data protection issues is really helpful when dealing with quite nuanced and complex matters. They are good at cutting through lots of noise and coming out with salient points.

    Chambers & Partners, Data Protection & Information Law

  • The team is excellent and knowledgeable.

    Chambers & Partners, Data Protection & Information Law

Data, Privacy & Cyber key contacts

Who we are

Why choose DAC Beachcroft?

We’re a broad-based commercial firm serving a wide range of sectors with a strong heritage in insurance,
health and real estate. We combine excellent legal skills and cutting-edge delivery expertise to design
solutions that fit the needs of our clients – often involving clever uses of technology.