Information law, data protection and privacy

We help our clients protect their personal data - to guard against the risks of financial and reputational ‘fallout’ associated with data protection, privacy and other information law breaches.

We offer comprehensive privacy and data protection legal services. This helps our clients navigate the complex legal landscape surrounding the collection, use, sharing and storage of personal data.

We are also experienced in helping our clients with Freedom of Information Act 2000 and the Environmental Information Regulations 2004 related matters.

Our services include:

  • UK GDPR compliance: assisting with UK and global compliance programmes, including through our UK GDPR Representative services.
  • Data privacy training: training to help organisations and their employees understand their obligations and responsibilities.
  • Data processing agreements: assisting with UK and international data processing agreements, to help ensure that personal data is processed in accordance with applicable laws.
  • Data Protection Impact Assessments (DPIAs): assisting with DPIAs, including to identify potential risks and providing pragmatic advice.
  • Data breaches: providing expert advice in the event of a data breach, including incident response, regulatory reporting, and risk mitigation strategies.

Our lawyers

Our team consists of lawyers with in-depth data protection, privacy and information law expertise. They are recognised as thought-leaders – they have presented at leading industry events, and have been published nationally.

Our experience

  • Advised on data protection law work in cutting-edge technology fields, including: Artificial Intelligence (AI) and neural network technology; Blockchain; Metaverse arrangements; Internet of Things (IoT); Connected Car Technology; and Cloud Computing.
  • Helped global clients with their UK and EU GDPR compliance arrangements across their international operations, by producing intra-company data processing agreements, taking into account the Schrems II requirements.
  • Successfully avoided regulatory fines and enforcement action against our client in respect of data breaches, by working with the client in respect of the regulatory breach notification and corresponding with the ICO.
  • Helped with formulating and advising on DPIAs involving the processing of personal data by way of Artificial Intelligence and neural network technology in the context of facial recognition systems.
  • Advised education organisations on appeals before the Information Tribunals in relation to the Freedom of Information Act 2000 and the Environmental Information Regulations 2004. This included requests for pre-publication academic research, access to course materials and employee salary disclosure.

Our clients

We represent the full range of clients, from innovative start-ups, global corporates (including those listed on NASDAQ), as well as public sector clients.

Did you know?

Further reading

Mills & Reeve Sites navigation
A tabbed collection of Mills & Reeve sites.
My Mills & Reeve navigation
Subscribe to, or manage your My Mills & Reeve account.
My M&R


Register for My M&R to stay up-to-date with legal news and events, create brochures and bookmark pages.

Existing clients

Log in to your client extranet for free matter information, know-how and documents.


Mills & Reeve system for employees.