Privacy and data protection

How we can help you

Whether you see privacy as a differentiator, or just something which you need to "do right", we can help.

In a world of increasingly complex privacy law, you want someone who knows the legal frameworks inside out and has years of operational experience.

Neil spent several years as head of privacy for the UK operating company of a global communications provider, helping to design cutting edge products and services, as well as being responsible for the privacy rights of almost 20 million communications customers.

Since then, he has helped companies and in-house privacy teams protect the privacy rights of their customers, and meet their legal obligations, across the full spectrum of data protection issues. This has included substantial GDPR implementation activity, helping bring companies up to speed with the new(ish) framework, as well as day-to-day advice and guidance, and operational issues such as handling questions from customers and complaints from the UK's privacy regulator.

What our clients say

"Best External Privacy Resource In The World"

Head of Legal, major energy company

"[your] business understanding is one of the reasons why you are my favourite external lawyer of all times"

Chief Privacy Officer, FTSE 100 brand

"Neil, you’re a legend! Thank you sooooooo much! This is amazing!"

Project manager, major airline

⚠️ Warning: here be dragons!

The GDPR — Europe's new(ish) data protection framework — has done some great things for privacy, but has also had some less great side-effects.

One of these is the massive increase in the number of people claiming to be privacy or GDPR "experts". Some even claim to be "certified" despite there being no formal certification regime.

Before you select an advisor on GDPR or privacy issues, check whether they really have the experience you need — after all, the cost of getting it wrong could be significant, and the impact on your customers, and your reputation, massive.

Being transparent

Whether a typical "privacy notice" or a more user-friendly approach incorporated into your service design, we can help you meet your legal obligation to keep data subjects — whether your customers, your employees, or anyone else — informed about what you are doing with their data, and why.

We have prepared privacy notices for a whole range of companies, in a variety of styles, and we're happy to help with a "one-off" notice, or help you to implement a system for keeping your notice(s) up to date as your business practices change.

If you would like a less stuffy, formal notice, we can prepare something which fits your preferred style and tone of voice, while also meeting your legal obligations.

Data processing agreements

If you are going to be engaging someone to process your customers' precious data on your behalf, you'll need to ensure that you have an appropriate data processing agreement, as part of your security strategy.

We have helped prepare suites of documents for clients, to suit different situations, along with accompanying negotiation and liability guidance, to help procurement teams lead on the implementation of data processing agreements with a minimum of legal team support. We have also negotiated tens of agreements with processors around the globe, and we can steer you on issues which are likely to prove a sticking point or cause concern, as well as advise you on risk and apportionment of liability.

If you are processing on behalf of another data controller, you'll want to make sure that you have a clear view of your obligations, risks and liabilities. Getting expert legal advice early in the process can help reach an agreement which works for both parties.

We can also help you with data sharing agreements, or agreements between you and other data controllers.

Subject access requests and ICO complaints

Most subject access requests — requests from data subjects for a copy of their data, and for information about your processing — can be answered quite easily. But if you've got one which is trickier, or else you just need a hand with it, we've plenty of experience in preparing responses for clients to send to data subjects.

We hope it won't happen to you but, if a data subject complains to the ICO, there's a strong chance that the ICO will get in touch. This is an opportunity to put your side of the case — it's a chance for advocacy, and to persuade the ICO to find in your favour. If you don't have the resources to do this yourself, or you'd appreciate some skilled assistance (particularly if the situation is unclear, or if the facts appear unhelpful), do drop us a line.

New products and services

Products, services, apps, wearables — whatever!

You have probably heard of the terms "privacy by design" and "privacy impact assessments".

We can help you design services in a way which meets your commercial objectives without alienating customers or triggering undue regulatory concern, including giving you clear, pragmatic advice on challenging topics, such as data analytics.

Compliance

From getting your business registered with the Information Commissioner's Office to establishing a solid policy framework, and from embedding good practices across your organisation to helping you meet your regulatory obligations, such as dealing with subject access requests, we can support and guide you.

Incident handling

Nobody wants to have a privacy-related incident, but worse is having an incident without a plan for how to deal with it. We can help you make that plan, so that an incident is not a panic. Or, if you've had an issue, we can help you get back on your feet again.

Some breaches are the subject of mandatory reporting obligations — often to the regulator, and sometimes to affected users — so it is worth having a plan in place so that, if an incident happens, you know what to do and how.

Some communications services may be subject to even more rigorous reporting obligations, requiring notification to the regulator within 24 hours of detection.

Audits

We have experience in both leading and supporting on ICO audits. We can help you engage with the ICO and determine audit scope and structure, review existing materials and prepare supporting evidence, help arrange pre-audit documentation packs, and provide on-site support during the audit itself.

We have helped reassure nervous or concerned interviewees, and provided dedicated coaching and support on answering questions and presenting their evidence confidently and succinctly.

We can also help with post-audit representations, if things have not gone quite to plan, or if you feel that the audit findings are not representative of the true position of your organisation.

Get in touch

Email

Please contact us via email:

contact@decoded.legal

Please encrypt it, if you can. Here is our PGP/GPG key. You can also find our keys on keys.openpgp.org, and via Web Key Directory.

Voice & video

Please email and arrange a time to speak.

We offer "normal" phone calls, SIP, and encrypted audio/video calls.

We record calls.

We'll never spam you or sell your information. Ever. More info here.

Authorised Law Firm badge

View our Authorised Law Firm digital badge here. The badge is hosted by a third party (which purports to act as a processor of the Solicitors Regulation Authority), and they automatically load Google Analytics. Only view our badge if you are willing to send your IP address to them, and for them to load Google Analytics on your device. Here is their privacy notice.

Other bits

decoded.legal is:

  • authorised and regulated by the Solicitors Regulation Authority (626329)
  • subject to the SRA's code of conduct
  • a company registered in England and Wales (9856909) with a registered office address of 48A Dene Way, Donnington, Newbury, Berkshire, RG14 2JW
  • registered as a data controller with the Information Commissioner's Office (ZA152364)
  • registered for VAT in England and Wales (229 6427 86)