Data Protection & Cyber Security issues arise in business in two broad situations: for gain, or for loss. In gain situations, organisations are seeking to drive benefits from the use of data and the digital environment, while in loss situations they are either prevented from using data and the digital environment, or their use is having negative effects, including through a lack of resilience. The best approach to an issue can differ radically depending on whether it’s a gain or a loss situation.

We always seek to understand the underlying context when designing and delivering our support to clients, to maximise the value and impact of what we do, and we believe in taking a balanced approach

Our mind-set is that data processing and technological developments have enriched the world in countless ways, serving humankind, freedoms, economic growth and prosperity and in gain situations we support our clients to achieve their business purposes and legitimate interests, helping them to innovate and grow, in balance with their obligations and mindful of the rights of others. In difficult situations, we bring a calm and ordered approach, helping to defuse and de-escalate problems and reduce loss, harm and damage. Our support extends to helping clients to better communicate their aims and objectives, including through constructive engagement and dialogue with regulators and special interest groups.

No two organisations are the same. What makes them different are their special characteristics, which are their unique operating and environment features.

The special characteristics include the organisation's business sector; geographical location; legal and administrative structures; business operations, model and plan; culture and ethics; risk profile and appetite; prior legal and regulatory track record; and its resources. Achieving quality outcomes for Data Protection & Cyber Security, such as effective risk management, resilience and compliance, is always dependent upon understanding the impact of the special characteristics for data handling and the digital environment.

Although the law provides a baseline of outcomes that responsible organisations must achieve, their ambitions for data and the digital environment will extend much further than legal compliance. Delivering business purpose, achieving economic targets, acting ethically and maintaining the trust and confidence of stakeholders and investors are just as important in the setting of data and digital goals.

We always recommend taking a broad and holistic approach when determining goals and priorities and we can help you through the process of identifying and refining them.

Organisations need to be situationally aware in order to be truly confident that major issues of concern are properly understood and addressed.

We track developments internationally, across industry sectors and in the legal system and maintain engagement with the wider community of stakeholders who are invested in the achievement of good outcomes, such as privacy activists, worker representatives and consumer champions. We always feed-in these insights into our client engagements, providing benchmarks against which our clients can compare themselves and track their performance.

At the epicentre of the digital world and cyberspace are technology and data themselves. In order to deliver quality outcomes for Data Protection & Cyber Security, organisations must address the technology and data layers of their businesses and their supply chains. Governance models and paperwork by themselves are not enough.

Technical acuity and affinity are at the heart of everything we do. We have strong relationships with technology and data experts, including leaders in PrivacyTech, SecurityTech and AI, so that we can pinpoint the state of technological development to help guide clients on their tech and data strategies. Through our work helping clients handle incidents and operational failures we have acquired deep understanding of the types of quality gaps in the tech and data layer that can cause serious business interruption, reputational damage and legal consequences.

The worlds of Data Protection & Cyber Security are ones where an organisation's positions can be tested regularly by challenge and adverse scrutiny. These tests can occur on a planned or unplanned basis, for benign and malign reasons, through both internal and external channels. Benign, planned, internal testing can include the monitoring of controls by Internal Auditors and others performing risk management and due diligence functions. Malign and unplanned testing often arises from external forces, such as cyber criminals. Others operating along the spectrum of challenge and adverse scrutiny include disgruntled workers, whistleblowers, regulators, shareholder activists, upset customers, compensation claimants and the press and media.

We have broad understanding of the causes and dynamics of challenge and adverse scrutiny. We can help clients plan and prepare for testing situations and guide their responses in live situations, right through to representing their interests in the highest courts in the land.

The law tells organisations what they can do and what they cannot do, but it rarely answers the question 'what is the right thing to do?'.

Many aspects of the use of new technologies and data processing techniques pose ethical dilemmas, with examples including profiling, tracking, automated decision-taking and data sale and monetisation. Our holistic approach to the issues supports the development of data ethics visions and strategies and through processes of ethical stress testing and challenge an organisation can gain a better sense of confidence in its positions.