
Cyber Security

Data security breaches are much in the news, with brands such as Mossack Fonseca, TalkTalk, Ashley Madison and Sony PlayStation gaining unwelcome notoriety.

Data security breaches can put individuals at risk and cause them loss; they also expose the company to claims, fines and other potentially very serious consequences.

Aside from the potential substantial damage to the brand and goodwill, the importance of cyber security is heightened with key legal developments such as:

  • The new General Data Protection Regulation (GDPR), coming into force in May 2018, provides for substantial fines for non-compliance with data security requirements of up to 2% of annual worldwide turnover or €10 million, whichever is greater.
  • While there is currently no legal requirement to report data breaches, allowing many breaches to go under the radar, as from May 2018 there will be a legal requirement to report a data security breach.
  • The Courts have decided that damages can now be awarded for breach of privacy even where no financial loss was suffered, and the amount of damages being awarded is increasing substantially.

This is, therefore, no longer an issue for IT departments alone, but must be on the agenda of every Board of Directors.

How can we help?

We work with clients on data protection compliance and to manage cyber security risk. We can help with the following:

  • data protection compliance audit to identify areas where greater compliance may be needed and where cyber risk can be mitigated;
  • drafting information security policies and data breach response procedures;
  • reviewing data processing and data transfer agreements, including apportionment of liability by limitation and indemnity clauses;
  • due diligence on service providers or acquisition targets;
  • provision of data protection training to staff.

In the event of a data security breach incident we can provide rapid legal support to mitigate risk:

  • compliance with reporting requirements (FCA, PCI DSS, ICO);
  • communications to data subjects, service providers and other stakeholders;
  • defensive regulatory actions, where necessary drawing on the expertise of our business crime team;
  • handling claims involving data subjects or service providers;
  • insurance;
  • complementary expertise – technology, financial services, corporate governance, business crime, employment, litigation.

For updates and comment on UK and EU Data Protection and Privacy laws and on Cyber Security, please see our blog at www.idatalaw.com

Recent news, articles and deals:

  • Nigel Miller quoted in Drapers on the challenges fashion retailers face to protect customer data
  • Nigel Miller awarded Certified Information Privacy Professional/Europe (CIPP/E) credential from International Association of Privacy Professionals (IAPP)
  • Data, duties and directors
  • ICO reports its own data security breaches
  • ICO: “Cyber security is not an IT issue, it is a boardroom issue”
  • An Inside Job?
  • Brexit and the future of Data Protection
  • A New European Cyber Security Strategy – Part II
  • A New European Cyber Security Strategy – Part I


Who should I contact?


Nigel Miller
Direct dial: +44 (0)7973 641 158


  • Top Ranked Chambers UK 2014 - Leading Firm
  • Ranked in Chambers Europe 2013 - Leading Individual
  • Ranked in Chambers Global 2014 - Leading Firm
  • Legal 500 - Leading Firm
  • The Lawyer UK 200 - Listed Firm
  • The Law Society Excellence Awards 2012 - Shortlisted
  • Investors in People - Bronze