Data 2018: Trends & Conclusions

Data protection, privacy and security are increasingly important matters for businesses of all types. Long the preserve of tech specialists who were the only ones to understand its arcane workings, governments in Europe, the US and Asia are now getting to grips with it and ramping up regulations in the wake of recent data hackings on an unprecedented scale. Moreover, data protection is an aspect that encompasses not only IT, IP, and media and telecoms, but also employment matters and freedom of expression. No longer for the privileged few, the law on data has exploded in recent years, with many law firms looking to cement their position as leaders in the field.

GDPR and the challenge of regulation

Upon talking to lawyers during our research, possibly the most significant new data law is the European Union’s General Data Protection Regulation (GDPR). Coming into force on 25 May 2018, the Regulation will address the processing and use of data and will be binding to all EU countries. Crucial is Article 5(a) and (b), which states that personal data must be:

(a) processed lawfully, fairly and in a transparent manner in relation to individuals;

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

Naturally, law firms across Europe and the rest of the world have been inundated with requests from clients to guide them through how exactly this will affect their businesses. A key question on this list is what it means for international data transfers, and exactly how these rules bind corporate entities. The new regulations, according to one data law expert, are “bumpy” to say the least and it seems that both lawyers and clients are anticipating teething problems.

Telling is the fact that, despite the UK’s aim to leave the European Union by March 2019, it plans to incorporate all GDPR law into English law during the transition without a whisper of deviating. It was clear from our research that such all-encompassing regulation is badly needed in modern business in order for clients to feel secure and understand their rights when it comes to data protection and security.

Indeed, “data” itself is something that encompasses numerous other practice areas – not least IT, IP, and media and telecoms. Healthcare (particularly e-health) and employment are two areas where data protection and security play a huge role. Both are spaces in which individuals’ personal data needs to be correctly processed, stored, used and protected. With cybercrime on the rise, having the correct technological and legal safeguards in place is paramount.

In the US, which has more sector-specific data privacy laws that differ from state to state, the GDPR has still had an impact. As the cradle of forensic accounting, non-legal data experts told us that big data and cybersecurity are large aspects of their practices while in Asia, particularly Hong Kong and Singapore, data protection law is also burgeoning. Compliance is crucial once again and law firms can be the first line of defence in data breaches when it comes to advising on the infrastructure of services to defend against hackers.

This is not just the case in data-related practices either. One distinguished broadcasting lawyer told us how infrastructure in that industry is also changing, partly due to increasing regulation. With even the BBC now included in OFCOM’s net and facing closer scrutiny from politicians, the media and the license fee payer, regulation is a part of daily life for anyone looking to call themselves a TMT lawyer. How far this stretches, however, is still debatable.

Changes in the legal market

The recent growth and development of the practice area has inevitably borne a new opportunity for law firms to expand and establish themselves as a leading outfit in the space. Speaking to lawyers at one of the UK’s leading firms in the data and technology space, it was highlighted that this opportunity is marked out as particularly special – being a leading international law firm with corporate clout does not automatically mark you out as a go-to firm for data issues.

One lawyer also described a “gold-rush attitude” towards the practice, with all firms trying to obtain a piece of the market. However, it is the firms that started early and can now provide specific, tailored advice that stand to do well. A clutch of law firms can really be said to deserve the moniker of “tech” firms or specialist data protection firms, but – as our research bears out – while the leading corporate firms are well represented, they are not the most highly regarded firms for data protection work.

Moreover, being a specialist data firm requires a global presence and an ability to dispense advice to clients in one jurisdiction on the data laws of another. One law firm headquartered in London has established a practice in its Silicon Valley office that is staffed by European lawyers, with the intention of providing information on EU data regulation to its US clients in real time.

Clients are increasingly not “data” companies per se but rather companies that have specific data issues. As clients become savvier and look for increasingly cost-effective means of obtaining their information, possessing a set of accomplished data specialists is only the first step in providing a top-quality service to clients. Away from the cutting edge of data law, IT, media and communications lawyers still have their work cut out. Outsourcing remains a popular means of completing work done cost-effectively and successfully. IT outsourcing was noted by several lawyers we spoke to as a significant part of their work. Contracts, cloud computing and transactions are some of the more time-honoured matters filling firms’ in-trays.

As the media develops, so do clients’ needs. Many lawyers in the practice area have spent a part of their career in-house to the extent that some firms almost consider it a prerequisite. Financing is also a significant issue. “High-end TV is now more attractive than a feature film,” one lawyer told us, referencing smash hits such as HBO’s Game of Thrones and Netflix’s Stranger Things, and signalling a shift in client requirements. Another lawyer summed it up concisely: “Content is key”.

Telecoms lawyers have also found themselves dealing with issues relating to distribution and territorial restrictions. Infrastructure security is also a matter high up on the list of clients’ concerns. The question of how far foreign – and theoretically competing – nations can be given access to each other’s sensitive data arose again recently with the news that the UK’s National Grid was to sell its majority stake to Chinese and Qatari sovereign wealth funds. This seems to be an issue that, given increasing FDI across the globe, is not likely to go away soon.


The areas of data protection, privacy and security are growing faster now than they have ever done. This is likely an effect of the sector’s rapid development and the recent legislative boom surrounding it. Law firms now need to bring together traditional TMT expertise and prowess on new data laws and compliance if they want to generate a leading practice. Firms that are just beginning to establish themselves in the field may struggle to rival the handful that started early. What is certain is that issues relating to data protection and emerging technology will continue to loom large for their clients.

Back to top

Follow us on LinkedIn

News & Features

Community News



Pro Bono

Corporate Counsel

Women in Law

Future Leaders

Research Reports

Practice Areas


The Who's Who Legal 100


Special Reports



About Us

Research Schedule

It is not possible to buy entry into any Who's Who Legal publication

Nominees have been selected based upon comprehensive, independent survey work with both general counsel and private practice lawyers worldwide. Only specialists who have met independent international research criteria are listed.

Copyright © 2019 Law Business Research Ltd. All rights reserved. |

87 Lancaster Road, London, W11 1QQ, UK | Tel: +44 20 7908 1180 / Fax: +44 207 229 6910 |

Law Business Research Ltd

87 Lancaster Road, London
W11 1QQ, UK