Data Privacy & Cyber Security

Key Contact

Print Friendly, PDF & Email
Accolades & Testimonials
Meet The Team

As the GDPR increasingly bares its teeth and companies are besieged by cyber-attacks daily, compliance with the privacy regime has never been more business critical.    

The privacy landscape is never static. Companies must stay abreast of evolving regulation to keep their data collection, storage and electronic marketing processes not only compliant, but acceptable to an ever more privacy-savvy populace.

Getting it right is an opportunity, not least because of the reputational risks and business damage wreaked by data breaches and cyber incidents – many of which hit the headlines with devastating consequences.

Our specialist IT lawyers are on hand to support clients as they continue to build their data and cyber resilience, safeguarding confidentiality, integrity and accessibility as they carry out the data processing, digital transactions, cloud storage and other online activities that their businesses depend on.

Our experienced team is primed to guide organisations through complex data protection and privacy challenges, drafting privacy, data protection, retention and data breach policies, as well as advising on data sharing and processing arrangements, international transfers, and assisting with subject access requests and data breaches. 

We have legal experts to identify and manage legal and business continuity risks and vulnerabilities, minimising the chances of a cyber-attack and maximising recovery if one occurs. We work with businesses to implement appropriate governance and compliance structures to mitigate the impact of a cyber incident.

What’s more, we have custom-built software to help. We have developed Data Assist, a tool to detect and address weaknesses in security architecture, keeping valuable business data safe. We can audit all data collection and processing activities and develop a bespoke GDPR compliance solution for each unique business.

Plus, our Acuity Reputation Management Service, a bespoke crisis and corporate reputation management tool, provides an outsourced data protection officer (Acuity DPO) service.

We advise on:

  • GDPR – advisory, audits, compliance, due diligence, governance, subject access requests, risk analysis, data management and training
  • Data strategy, retention, mapping and operating models
  • Privacy policies, privacy notices, data protection impact assessments, legitimate interest assessments and contractual drafting (such as data sharing, joint data controller and data processing arrangements)
  • Cyber security – policies, strategy, technical and legal issues, incident planning and breach management
  • Freedom of Information Act (FOIA) – information requests and breaches under FOIA
  • Information Commissioner’s Office (ICO) liaison and complaints and breach strategy and management
  • Advising a leading automotive retailer in complying with the GDPR, a major data breach and successfully defending an action taken by the ICO
  • Advising the Office for National Statistics on its GDPR compliance programme using our Acuity DataGuard product
  • Advising a regional airport on its GDPR data privacy audit and compliance reviews across each of its departments; providing strategic support and drafting privacy policies and notices
  • Advising an IT provider on its post-GDPR data privacy strategy, carrying out an Acuity DataGuard audit and compliance programme, drafting privacy policies and privacy notices, and working with them to design its future data operating model


  • The Tech and Communications Team is ranked Tier 1 in The Legal 500


“Engagement with Acuity was a pleasure. The whole team was on the ball, attentive, explained everything in layman’s terms throughout the whole process.”

Declan Goodwin

Phil Pugh, Partner at Acuity Law

Phil Pugh


Adam Munn

john tay

John Tay

Skip to content