Information Law

The financial services sector is powered by the flow of data. At the core is information about individuals, particularly your customers and employees. Misuse of data and ignoring the rights of data subjects can cause significant damage, both in terms of financial loss and damage to your brand. With fines for data protection breaches set to rise to 4% of a company's annual worldwide turnover under the proposed General Data Protection Regulation, and the power of the FCA to fine regulated companies unlimited amounts for inadequate systems and controls, data protection has risen to the boardroom agenda.

The financial services sector may have been a slow starter to Big Data and new technologies, but we now see our clients purchasing technology and expertise, which is enabling them to incorporate new types of information from inside and outside an organisation in order to improve underwriting, claims handling and provide more bespoke cover and marketing to insureds and prospects. Data scientists are now a standard recruit amongst our insurance client base. We help our clients harness the power of the data they hold, whilst ensuring they are acting in accordance with legal and regulatory requirements, as well as maintaining customer trust.

Many of our financial services clients are part of groups operating and implementing data processing systems on a global basis. We recognise our clients need a cost effective, seamless solution for handling these global compliance projects, and pragmatic commercial solutions to implement these systems in compliance with the plethora of data protection laws, and requirements across the globe.

We are currently working with many of our financial services clients to assess the impact the General Data Protection Regulation will have on how data is used in their business, and are steering our clients on a two year implementation programme to overhaul their compliance programme, and implement the changes required to data processing activities as a result of the new law.

What we do

We provide a one-stop solution for our clients' data protection advice needs, drawing on the experience and expertise of our regulatory and IT colleagues. From drafting advice and opinions, conducting privacy impact assessments and audits, and advising on global data processing projects, to advising on data protection clauses in your contracts, our advice is focussed and takes into account the market practice and specific challenges of the financial services sector.

Queries range in size, from the very small where all it takes is a quick call to us, to the major strategic projects involving data protection advice being obtained and distilled on a global basis – we have experience of dealing with them all.

We are also the first choice law firm for insurers who indemnify data protection and cyber risks. We advise both insurers and policyholders who suffer data breach incidents. For further information on this please see our Cyber and Data Risk page.

We share our knowledge and expertise by producing a monthly data protection client alerter focussed on the legal and regulatory requirements of the financial services sector. To sign up please click here.

What we are known for

Our dedicated Financial Services Sector Data Protection team deals with data protection queries and projects for all manner of financial services companies, including wealth management companies, building societies, banks, insurers, brokers and credit reference agencies on a daily basis. Our clients instruct us, knowing that our vast industry knowledge and awareness of market practice means we will provide a pragmatic solution in line with legal and regulatory requirements.

We are also instructed for our expertise in co-ordinating global data protection compliance projects. We have formulated a panel of handpicked data protection specialist law firms in jurisdictions across the world to provide our clients with a seamless global advice. This comprises of DAC Beachcroft offices across the world and a panel of bespoke best friend law firms.

Detailed elements of our services

Strategic Advice

• Advising clients on the data protection issues of major projects, both UK and international, and in relation to both customer and employee data;
• Working with clients to undertake and produce privacy impact assessments;
• Working with clients through a mock data security breach to test internal processes;
• Contract Advice Review of data protection issues in agreements such as insurance distribution, outsourcing, procurement and supply chain contracts;
• Drafting and negotiating complex data processor and transfer agreements within and outside the EEA, including coordinating data protection authority filing requirements in countries across Europe using our panel of data protection lawyers.

Policies and Procedures

• Drafting and updating privacy policies, notices and data protection consents;
• Producing standard forms and letters, such as for subject access requests;
• Data Audits can be of the whole or just a part of your business - our audits chart the data flows through the business, and include interviews of key individuals about business processes, and a review of relevant policies. The final report sets out areas of compliance and non- compliance, and a hierarchy of remedial steps;
• HR Subject access requests made in tangent to disciplinary hearings or employment tribunals;
• Staff data protection notices and policies;
• Disciplinary proceedings following data security breaches;
• Sharing staff data in M&A or other corporate restructurings.

Data Helpline

• You can call us at any time if you have a data protection query or emergency. We can provide a fixed cost depending on the anticipated volume of queries;
• Training Workshops for both lawyers and non-lawyers on all aspects of data protection, including "A step-by-step guide through a data security breach', 'The effect of the GDPR on the financial services sector'.