Michael specialises in data protection law. He has expertise in a variety of industries which includes Pensions, Telecoms, Defence, Insurance, Banking, Accountancy, AI services, Construction and Remodelling.
Michael advises clients of all sizes from small business start-ups to global multi-jurisdictional companies.
Michael can provide the following services:
Core Services Offered:
- Data Protection Officer (DPO) Services: This encompass both Outsourced DPO and Fractional DPO services, catering to organizations that need either full-time or part-time DPO support.
- Data Protection Documentation creation:
- Policies and procedures
- Privacy notices
- Data protection provisions in commercial contracts
- International Data Transfer Agreements and Standard Contractual Clauses
- Data Subject Rights Management:
- Data subject access requests
- Data breach management
- Data Protection Impact Assessments (DPIAs):
- Data protection impact assessments
- Legitimate interest assessments
- International transfer impact assessments
- Compliance Audits & Reviews: This includes both general data protection audits and more specific reviews like ISO 27001 compliance.
- General Data Protection & Privacy Advice
Specific Areas of Expertise:
- Data Protection Policies, Notices & Procedures
- International data transfers
- Data sharing agreements and liability
- Data breach management
- Data subject access requests (Contentious and Non-Contentious)
- Controller vs. processor determinations
- Compliance with UK/EU data protection laws
- Data Protection Training
- UK Marketing Requirements (PECR)
- UK & EU Data Protection
- Global Data Protections
- Global Marketing Requirements
- Data Breach Provisions
- Commercial Contracts
- Data Processing Agreements
- E-commerce Agreements
- Software Licensing Agreements
- Confidentiality Agreement
Recent Experience
Telco: Building a Data Protection Framework, Data breach management, ISO 27001 compliance, Ofcom enquiry regulatory responses management. (Privacy Program management, Data Mapping, Risk Assessments, Incident responses).
Financial Services (PaaS) DPO Services provided to a Pensions company. OneTrust implementation of privacy, security and complaince controls.
Cross-Industry: Management of internal policies, DSAR handling, international transfer assessments, legal opinions, data sharing negotiations, data protection impact assessments, complaints handling, ICO reporting, cooperation with supervisory authorities, maintenance of the records of processing operations, data breach management and advice.
Employee Data Incident (Cease and Desist and Employee Undertaking)