• DE
Choose your location?
  • Global Global
  • Australia
  • France
  • Germany
  • Ireland
  • Italy
  • Poland
  • Qatar
  • Spain
  • UAE
  • UK

Data Protection and Cyber Security

small banner data protection

DWF’s legal and multi-disciplinary professional services business provides clients with global support on critical issues in Data Protection and Cyber Security. Our team includes legal advisers, management consultants, risk professionals, technologists and auditors, who combine to provide truly holistic, end-to-end solutions.

How we can help

We have a market leading reputation

COVID-19 has provided us with a stark and sharp reminder that operational and legal resilience must be prioritised within all of our organisations, so that we can withstand shocks and sustain our success. DWF are focused on helping clients to deliver meaningful, high-quality operational outcomes for Data Protection and Cyber Security, not 'ivory tower' legal advice or 'compliance for compliance sake'. We do this by helping our clients to focus on the things that matter the most, providing them assistance with:


  • Vision and strategy development for the handling, use and security of data and the digital environment, including the achievement of ethical outcomes and business purpose.
  • Business transformation programmes that deliver Data Protection and Security by Design.
  • Technology strategy, procurement and deployment including for new and advanced processing purposes such as profiling, biometrics, automated decision-taking and AI.
  • Resilience, risk management and sustainable compliance to ensure the adoption of appropriate controls and accountability.
  • Stakeholder relations including data subject rights requests, customer complaints handling and workforce training.
  • Board and C-Suite engagement for corporate good governance, covering awareness raising through to support for effective executive decision making.
  • Personal data and security breaches from the development of playbooks for incident response through to notifying breaches to people affected and the authorities.
  • Crisis handling to enable the right things to be done in the most challenging situations, to mitigate harm and loss and to protect reputations.
  • Regulatory investigations and enforcement actions including evidence preparation, advocacy and representation in court.
  • Group litigation and class actions to resolve disputes and to defend against compensation.
  • Due diligence to help maximise deal value in mergers, acquisitions, investments and corporate transactions.
  • Horizon scanning and thought-leadership to help with issue spotting and to stay ahead of the curve.
  • Tools and accelerators such as workflows, templates and PrivacyTech and SecurityTech solutions, to help operationalise outcomes and to free-up management time.

What does a good approach to Data Protection & Cyber Security look like?

Having the right approaches for gain and loss situations

Data Protection & Cyber Security issues arise in business in two broad situations: for gain, or for loss. In gain situations, organisations are seeking to drive benefits from the use of data and the digital environment, while in loss situations they are either prevented from using data and the digital environment, or their use is having negative effects, including through a lack of resilience. The best approach to an issue can differ radically depending on whether it’s a gain or a loss situation.

We always seek to understand the underlying context when designing and delivering our support to clients, to maximise the value and impact of what we do, and we believe in taking a balanced approach

Our mind-set is that data processing and technological developments have enriched the world in countless ways, serving humankind, freedoms, economic growth and prosperity and in gain situations we support our clients to achieve their business purposes and legitimate interests, helping them to innovate and grow, in balance with their obligations and mindful of the rights of others. In difficult situations, we bring a calm and ordered approach, helping to defuse and de-escalate problems and reduce loss, harm and damage. Our support extends to helping clients to better communicate their aims and objectives, including through constructive engagement and dialogue with regulators and special interest groups.

Understanding your special characteristics

No two organisations are the same. What makes them different are their special characteristics, which are their unique operating and environment features.

The special characteristics include the organisation's business sector; geographical location; legal and administrative structures; business operations, model and plan; culture and ethics; risk profile and appetite; prior legal and regulatory track record; and its resources. Achieving quality outcomes for Data Protection & Cyber Security, such as effective risk management, resilience and compliance, is always dependent upon understanding the impact of the special characteristics for data handling and the digital environment.

Achieving your goals on the things that matter the most

Although the law provides a baseline of outcomes that responsible organisations must achieve, their ambitions for data and the digital environment will extend much further than legal compliance. Delivering business purpose, achieving economic targets, acting ethically and maintaining the trust and confidence of stakeholders and investors are just as important in the setting of data and digital goals.

We always recommend taking a broad and holistic approach when determining goals and priorities and we can help you through the process of identifying and refining them.

Being situationally aware

Organisations need to be situationally aware in order to be truly confident that major issues of concern are properly understood and addressed.

We track developments internationally, across industry sectors and in the legal system and maintain engagement with the wider community of stakeholders who are invested in the achievement of good outcomes, such as privacy activists, worker representatives and consumer champions. We always feed-in these insights into our client engagements, providing benchmarks against which our clients can compare themselves and track their performance.

Addressing the technology and data layer

At the epicentre of the digital world and cyberspace are technology and data themselves. In order to deliver quality outcomes for Data Protection & Cyber Security, organisations must address the technology and data layers of their businesses and their supply chains. Governance models and paperwork by themselves are not enough.

Technical acuity and affinity are at the heart of everything we do. We have strong relationships with technology and data experts, including leaders in PrivacyTech, SecurityTech and AI, so that we can pinpoint the state of technological development to help guide clients on their tech and data strategies. Through our work helping clients handle incidents and operational failures we have acquired deep understanding of the types of quality gaps in the tech and data layer that can cause serious business interruption, reputational damage and legal consequences.

Resilience and withstanding challenge and adverse scrutiny

The worlds of Data Protection & Cyber Security are ones where an organisation's positions can be tested regularly by challenge and adverse scrutiny. These tests can occur on a planned or unplanned basis, for benign and malign reasons, through both internal and external channels. Benign, planned, internal testing can include the monitoring of controls by Internal Auditors and others performing risk management and due diligence functions. Malign and unplanned testing often arises from external forces, such as cyber criminals. Others operating along the spectrum of challenge and adverse scrutiny include disgruntled workers, whistleblowers, regulators, shareholder activists, upset customers, compensation claimants and the press and media.

We have broad understanding of the causes and dynamics of challenge and adverse scrutiny. We can help clients plan and prepare for testing situations and guide their responses in live situations, right through to representing their interests in the highest courts in the land.

Acting ethically and doing the right thing

The law tells organisations what they can do and what they cannot do, but it rarely answers the question 'what is the right thing to do?'.

Many aspects of the use of new technologies and data processing techniques pose ethical dilemmas, with examples including profiling, tracking, automated decision-taking and data sale and monetisation. Our holistic approach to the issues supports the development of data ethics visions and strategies and through processes of ethical stress testing and challenge an organisation can gain a better sense of confidence in its positions.

Sign up for the latest trending topics and updates
Sign up to receive email updates for our news, webinars and latest thought leadership across your areas of interest.

Understanding the market

Latest Insights


Key contact

Meet our team

Get in touch with a member of our team by completing the form.
T +44(0)3333202220