Phil Pugh, Partner at Acuity Law

Data Privacy & Cyber Security

Lead Partner

The introduction of the GDPR in May 2018 may seem like a distant memory for some organisations, but complying with the privacy regime is as important as ever.

Data protection and cyber security compliance is constantly evolving and here to stay. The new e-Privacy Regulation is expected to come into effect in the near future, which is likely to bring sweeping changes to the rules on electronic marketing and the use of cookies.

Using our own GDPR software product, Data Assist, we can carry out an audit of your data collection and processing activities and develop a bespoke GDPR compliance solution for your business.

Whether you are still unsure about GDPR compliance, just need some top-up advice or a more comprehensive solution, we can help.

With the exponential rise in online activity, digital transactions, data processing and storage in the cloud, the reliance on data confidentiality, integrity and accessibility for businesses has never been more acute. The threat of a cyber incident is a major risk factor for every business.

Business continuity risks and vulnerabilities must be identified, analysed and managed in order to prevent – or at the very least to recover from – any cyber attack. As cyber incidents have become commonplace, your cyber incidence response capabilities are critical.

Our expert lawyers will work with you to identify the legal risks and implement appropriate governance and compliance arrangements to address the impacts of a cyber incident. We advise on:

  • GDPR – advisory, audits, compliance, due diligence, governance, subject access requests, risk analysis, data management and training
  • Data strategy, retention, mapping and operating models
  • Privacy policies, privacy notices, DP impact assessments, legitimate interest assessments and contractual drafting (such as data sharing, joint data controller and data processing arrangements)
  • Cyber security – policies, strategy, technical and legal issues, incident planning and breach management
  • Freedom of Information Act – information requests and breaches under FOIA
  • ICO liaison and complaints and breach strategy and management
  • Advising a leading automotive retailer in complying with the GDPR, a major data breach and successfully defending an action taken by the ICO
  • Advising the Office for National Statistics on its GDPR compliance programme using our Acuity DataGuard product
  • Advising a regional airport on its GDPR data privacy audit and compliance reviews across each of its departments; providing strategic support and drafting privacy policies and notices
  • Advising an IT provider on its post-GDPR data privacy strategy, carrying out an Acuity DataGuard audit and compliance programme, drafting privacy policies and privacy notices, and working with them to design its future data operating model


  • The Tech and Communications Team is ranked Tier 1 in Legal 500.

Skip to content