In today’s digital economy, cyber, data, and technology risks are a constant concern for businesses operating worldwide. The consequences of a data breach or cyber incident can be immediate and far-reaching, impacting reputation, operations, and regulatory standing.
We appreciate that clients need clear, practical guidance to navigate complex disputes. Our team has a wealth of experience in providing clients with strategic advice in relation to potential breaches or infringements of the UK GDPR and the DPA 2018, in managing associated follow-on litigation, including collective actions and in addressing digital legacy issues and unauthorised data use (such as misuse of personal or confidential information, profiling or automated decision-making). We are regularly involved in the preventative mitigation of cyber risks to crisis response, including reporting and notification obligations. We work alongside clients to manage incidents from the outset, coordinate cross-border investigations, and defend claims relating to alleged breaches of data protection laws.
Our team also regularly advises domestic and international clients on contentious technology matters, drawing on deep sector experience and providing a global perspective.
Deeply embedded in the subject matter area.’
The Legal 500 UK 2025
We have extensive experience of all types of disputes arising from the use and misuse of technology. In particular, this includes: disputes relating to the use of Artificial Intelligence, distressed technology projects, such as IT outsourcing and software development, and disputes arising from software/hardware implementation, website designs and payment systems. With a focus on practical solutions, we help clients resolve disputes efficiently while safeguarding business reputation.
Our Services
Overcoming legal and business risk relating to cyber incidents.
Global technology company
- Advised client in respect of a large cross-jurisdictional internal investigation relating to an anticipated regulatory investigation arising from a defective product with associated cyber and data issues.
MedTech provider
- Instructed on behalf of a medical technology provider in relation to the misappropriation of data and source code by a former employee, leading to the obtaining of an injunction and the civil recovery of digital assets.
Navigating the complexities of data breaches.
Pharmaceutical company
- Advised a pharma company in respect of a cyber incident (ransomware attack) affecting the health data of data subjects located in the UK and overseas, and supporting with the consequential reporting and notification obligations. Also acted on the resultant follow-on litigation.
Stalking horse claims
- Defended multiple stalking horse claims seeking damages in respect of alleged data breaches and cyber incidents.
Pensions trust
- Acted for an international pensions master trust in successfully defending a follow-on class action claim in relation to alleged breaches of the UK GDPR and DPA following a cyber-attack suffered by one of its data processors.
Financial services institution
- Acted for a financial services institution following a data breach suffered by one of its data processors; advised in respect of reporting obligations to the ICO and the FCA, prepared notifications to impacted data subjects, defended follow-claims arising from the same, and assisted with the recovery of costs associated with the breach from the data processor.
Representing your business in respect of contentious technology issues.
A global technology company
- Advised client in respect of all its UK digital legacy claims made by the personal representatives of deceased users who were seeking access to stored data held in the Cloud.
A global mutual insurance company
- Advised on a complex IT transformation project dispute, including contract reset and settlement negotiations.
Global IT services provider
- Advised on complex and lengthy IT disputes and contract reset negotiations in respect of a c.£100s of millions IT project between an IT supplier and a national housing association; advising on various connected disputes and supporting with the negotiated settlement achieved through mediation.
3D printing technology company
- Successfully recovered - through the preparation of an injunction - misappropriated critical source code from a former employee relating to the client’s encrypted 3D printing software.
International publishing house
- Acted for an international publishing house in a $350m dispute related to the provision of online educational content and digital services.
Navigating group actions relating to data protection and/or technology.
A multi-national technology company
- Defended a cross-border data group action relating to allegations of unlawful sharing of sensitive personal data.
A pensions master trust
- Defending follow-on group action litigation arising out of the Capita data breach.
Developing and advising on data protection representative actions
- Advised in relation to two substantial representative actions against major technology companies, arising from systemic breaches of data protection legislation, including in relation to children's data.
For more information, please visit our Group Actions page.
