Information law, data protection and privacy

Information law, data protection and privacy involve a balancing act of competing rights and obligations. We can help guide you through the complexities.

Information law, data protection and privacy go to the very core of professional and personal interests, involving the delicate balancing of competing rights and obligations. Organisations must ensure that they comply with a wide range of legislation and regulatory guidance or face serious financial and reputational damage.

We are experienced in advising on the full spectrum of issues, including:

  • Proactive audits of compliance and best practice under legislation including the Data Protection Act 2018, the GDPR, the Freedom of Information Act 2000 and the Environmental Information Regulations 2004.
  • Defending your interests before the Information Commissioner and the Information Tribunals.

Our lawyers

Our expert lawyers have vast experience in providing strategic advice on information, privacy and data matters.

Our experience

  • Advising on a range of privacy matters, including drafting GDPR privacy notices, advising on the use of CCTV on clients’ premises, and advising the European Commission/TRL on legal issues around accessing in-vehicle data.
  • Assisting public sector clients in dealing with complex requests for information relating to confidential and commercially sensitive material, including complaints to the Information Commissioner’s Office.
  • Advising education organisations on appeals before the Information Tribunals in relation to the Freedom of Information Act 2000 and the Environmental Information Regulations 2004. This included requests for pre-publication academic research, access to course materials and employee salary disclosure.
  • Successfully representing an NHS trust client in Information Tribunal proceedings relating to access to deceased family members’ personal data.
  • Providing detailed, strategic risk management advice on a range of sensitive data security breaches to address the issues with minimal disruption to the clients' operations and manage staff communication and relations.
  • Advising a range of clients on data sharing activities, including proposed transfers outside of the EEA.
  • Providing on-site data protection audit services to ensure that information systems comply with legislation.

Our clients

We act for clients from across the private, public and charitable sectors, including: 

  • Children’s Investment Fund Foundation (UK)
  • BBC Children In Need
  • British Council
  • NHS England
  • Arm
  • Greene King
  • Advance HE
  • University of East Anglia
  • Financial Conduct Authority
Mills & Reeve Sites navigation
A tabbed collection of Mills & Reeve sites.
My Mills & Reeve navigation
Subscribe to, or manage your My Mills & Reeve account.
My M&R


Register for My M&R to stay up-to-date with legal news and events, create brochures and bookmark pages.

Existing clients

Log in to your client extranet for free matter information, know-how and documents.


Mills & Reeve system for employees.