Recommended for sports-related data protection
"Lucas has been integral to our entire internal GDPR preparation and success"
"The advice he provided us was to such a high standard that we were recognised by the BBC's Daily Politics Show"
"Lucas continues to impress us with his professionalism and approach to work, as well as being an all-round enjoyable partner to collaborate with."
I am a specialist data privacy lawyer – my life became a lot more interesting once the GDPR came into force!
I advise on all aspects of data privacy and e-privacy law at UK, EU and global levels. Work that I typically do ranges from preparatory (drafting compliance and accountability documentation; advising how to carry out compliant fundraising and marketing campaigns, analysing how planned projects involve using personal data and carrying out impact assessments) to after-the-incident response (managing data security incidents, advising on compliance with requests to exercise individuals’ rights and handling complaints to / investigations by the ICO).
I particularly enjoy working on unique, specialist or offbeat projects – recent examples include advising on the crossover between data privacy law and artificial intelligence; advising on how to report information about an individual’s involvement in illegal arms trading to relevant authorities which was discovered during a research project and advising on how to comply with the obligation of transparency when providing essential services to displaced on the ground in different jurisdictions.
I also regularly provide specialist and bespoke training and updates in person (sometimes assisted by my dog, Morty).
Given that data privacy law has such a broad application, I work with lots of different clients. I particularly enjoy working with organisations in the music, entertainment and sports industries, as well as activist and campaigning organisations and charities; but I have also worked with clients in the retail, education, creative, real estate, technology, legacy and finance industries; as well as political parties and public bodies.
The answers generated would be forwarded to local MPs to encourage discussion between MPs and their constituents and to give respondents a recognised channel to have their opinions heard. We helped to structure the quiz so that affected individuals were made aware of (and asked to give consent to) how cookies were used, there was an option of providing anonymous responses where desired and that the client understood its increased obligations when collecting data on individuals’ political opinions.
Given the publicity surrounding allegations as to Facebook’s contravention of data privacy law, we advised clients to take a cautious approach and carry out detailed data protection impact assessments, and explained how recent decisions (and draft future e-privacy law) suggested that data protection authorities would expect organisations to obtain affected individuals’ prior opt-in consent, even if applicable law – as currently in force – gave rise to a “grey area” which some organisations have used to argue that consent is not yet required to use the programs.
We explained to the client that, while salary information is not special category (i.e. sensitive) personal data for the purposes of the GDPR, some affected individuals may expected such information to be handled with due sensitivity or confidentiality. We therefore helped the client to identify why it considered the scheme important bearing in mind its aims and ideals, how it would help the organisation, its employees and its members, identify the potential impact on affected individuals’ rights to data privacy and methods to minimise that impact as far as possible.